- "chrome": the browser itself and any extensions that are installed. These can essentially do anything.
- "web": HTML/XHTML/XML/etc pages loaded in a browser window. These have limited privileges - they can't read information from different domains, access local files, or call any of the "chrome" functions.
watch() to see when an object changes). There are also security hazards to bear in mind when using the sandbox - for example you shouldn't trust the properties of any object in the sandbox to remain unaltered.
A lot of the practical effects of using XPCNativeWrappers are explained in Mark Pilgrim's Avoid Common Pitfalls in Greasemonkey, written a couple of years ago when Greasemonkey was altered to make use of XPCNativeWrapper in order to avoid security holes.
Opera, Safari and IE all have either built-in or third-party support for user scripts, but no details on whether there's any kind of secure sandbox in which they're executed.