Currently we are permitting all interfaces exposed by exe:content_browser to be bound by a renderer. Instead we should use manifest capability specs to tighten this to those specifically allowed by a "web" class.