Low trust as in intended to be used by 3rd parties without Javascript or any form of attestation. Like the Wii U client or I think the iframe embeds at one point.

(maybe they've all been killed by now, I haven't been paying too much attention...)