Today I got a creepy browser-level password prompt while browsing my feeds. Firefox exclaimed that it was from another site, but it was somewhat annoying and alarming to discover that sort of thing could even happen. It was caused by a story having an iframe that contained a link to an image that returned a 401 Unauthorized status with a WWW-authenticate header. This was only possible because the iframe made that image request a same-origin request.
I don’t actually want iframe content to show up in Feed View, and I’d appreciate an option to turn it off. It’s a bit of a security & privacy concern, and I wouldn’t be surprised if it could be a performance issue as well.