Soon, StreetPass won't inject any client-side javascript at all. This has a few benefits:
Will remove scary “scripting” permissions. Will guarantee at a platform level that StreetPass will never be able to manipulate the content you're looking at on the web.
Will never run on the main thread. StreetPass currently uses a MutationObserver to detect client-side page transitions, but unfortunately this method is not as performant as I had expected (https://github.com/tvler/streetpass/issues/63)
