Prevent sharing application secrets with the browser
Following the discussion in !243 (comment 72350), we need a way to mark parts of an application so that they are never passed to the browser for interpretation there. This goes for both application logic (i.e., program code) and runtime memory.
We need to figure out what the different risks are exactly and how we can mitigate these. (It may be that we need several different mechanisms in place, e.g. for program code on the one hand and runtime memory on the other, and that this issue should be split up in the future.)