For Cashu mints etc., there is no need for a browser. You do need TEE resolution (node in TEE) instantly processed via DVM or API though, that's my point.
You can generate DANE-EE certs, which are better than CA TLS certs.
Discussion
To add, what does the āSā in https even mean? For most people it means secured by TLS as attested to by a Certificate Authority. Which in the nostr scheme of things should raise eyebrows.
DANE-EE is about self-signed authentication for TLS as the secure tunnel itself. But you still have TLS with Handshake, it's just via DANE-EE, which is an objectively more secure way of going about it, given that DNSSEC is baked in all the way through.
So any argument that HNS isn't inherently secure doesn't hold up, at least for headless client-to-server or server to server where you don't need certificate authorities or Chromium devs on your side.
That said the Handshake chain itself is not so healthy, which is another matter and is the real reason to go and look for something else.