It seems like their time would have been better spent forking and improving Greasemonkey, if they thought it wasn't user-friendly enough or whatever, instead of re-doing everything.<p>As I recall, there were significant problems with Greasemonkey's original approach of leaving privileged user scripts in the global namespace while untrusted scripts from the web execute, since it could wrap objects user scripts would later call, potentially turning any normal function call into a state-stealing XMLHttpReq. From a quick read of the jetpack site, it appears that user code does indeed remain accessible while untrusted code executes (since the jetpack.tabs object is noted to be "live"). I wonder how they deal with that problem of hostile-wrapped objects? [Edited for detail and clarity]