I've seen in the docs that the config does not support imports and also uses a special function for including config from other files. Will it stay this way? And does also prevent code from loading&eval via network? Maybe flesh this out more explicitly in the security-doc. It's not quite obvious from being in-between the docs.

Also, what about 3rd-partys? Can other webextensions access glides functions? Or even worse, websites? I guess this is prevented by Firefox itself, but explaining this more explicitly might be also an enhancement for the security-doc.

I'm not entirely sure what is going to happen with imports to be honest. My current thinking is that they'll be supported eventually but that imported modules should not have access to glide APIs. For anything that does need to use glide APIs, I would support that through a separate API.

Yes eval is blocked, and extensions / websites cannot access glide APIs.

Thanks that is very helpful! Agree those things should be mentioned in the security doc.