Sometimes security related projects are all or nothing, while other times they might be more about defense in depth. Is it possible for this project to be developed/deployed in smaller steps that may not be 100% secure rather than a big one time thing (kind of how I interpret it right now)?
User talk:Brion VIBBER/EmbedScript 2019
Is this an all or nothing project?
MediaWiki API access
The gadgets I rely on the most are those that make common/rote edits and/or actions for me (easyblock.js for example blocks a user using one of the 10 presets available, and then edits their talk page with a block notice). It would be nice to see an Android style permissions dialog that on first write attempt, would say "easyblock.js would like permission to block users" and then when it edits the page it would say "easyblock.js would like permission to edit pages" or something.
I also think somewhere scripts should have to justify for humans why they need permissions (I've seen some good examples of this in F-Droid).