There's a security issue on the web with ES2015 Proxies where a cross-origin request can be made to load some ECMAScript code, and this request can leak some information across origins due to the existence of Proxies. Details can be found here: https://code.google.com/p/chromium/issues/detail?id=399951 . The short story is that the Proxy can be put in the prototype chain of the global object, and