i've put an issue up on the nips repo because i think that if it's required for web browsers it should say as much in the spec so that people deploying NIP-05 services are alerted to this issue

otherwise we are letting down web app users with the whole purpose of the thing being to impersonations and fraudulent user metadata