diff --git a/worklets/Overview.bs b/worklets/Overview.bs index 8d40fcce..78ea8c3b 100644 --- a/worklets/Overview.bs +++ b/worklets/Overview.bs @@ -13,6 +13,7 @@ Editor: Ian Kilpatrick, ikilpatrick@chromium.org 
 urlPrefix: http://heycam.github.io/webidl/; type: dfn;
     text: AbortError
+    text: SecureContext
     text: SyntaxError
     urlPrefix: #idl-;
         text: DOMException
@@ -41,6 +42,7 @@ urlPrefix: https://html.spec.whatwg.org/multipage/webappapis.html; type: dfn;
     text: event loop
     text: event loop processing model
     text: fetch a module script tree
+    text: fetch a single module script
     text: global object
     text: https state
     text: incumbent settings object
@@ -410,7 +412,28 @@ loops and callbacks exceeding imposed time limits.
 Security Considerations {#security-considerations}
 ==================================================
 
-Issue(w3c/css-houdini-drafts#92): Need to decide if to allow worklets for unsecure context, etc.
+Worklets do not introduce any usable API surface to the web themselves, instead other
+specifications, e.g. [[css-paint-api-1]], [[webaudio]] will extend this specification to provide
+useful functionality.
+
+Specifications which use worklets should decide if their worklet(s) should be allowed outside
+SecureContexts.
+
+Worklets load their module scripts in the same manner that workers load their module scripts. This
+fetches the top-level script by the fetch a single module script algorithm which sets the
+mode to "cors".
+
+Issue(w3c/css-houdini-drafts#378): Provide hook for downstream specifications to provide their
+    destination type.
+
+The specifications which extend/use worklets may have additional security considerations.
+
+Privacy Considerations {#privacy-considerations}
+================================================
+
+There are no known privacy impacts for this feature by itself.
+
+The specifications which extend/use worklets may have privacy considerations.
 
 Examples {#examples}
 ====================