As suggested in the conversation of  issue 683797   #9 :

One of the feature requests that we've considered for downloads in the past:

* Override auto-open / danger level -- possibly per origin.

  We disallow opening some file types automatically. Folks have asked for overrides for enterprises in the past for file types like .jnlp and even .exes.

  Enterprise would like to control the danger level of files downloaded from private networks as a policy. Once SB is disabled for a download, it automatically falls back on the dangerous file list for deciding when to prompt users for dangerous downloads. Admins want to be able to disable prompting for executables and other files that are deployed via their intranets.

This (and related  issue 723658 ) will likely rely on some concept of a 'private' or 'safe' network with additional restrictions. E.g. foo.example.com is safe iff when talking over https. 

On Windows we could potentially derive this concept from IE's 'Intranet' zone settings. Doing so has the advantage that the mark-of-the-web annotation for executables and other file types would be consistent with Chrome's dangerous file handling. Without this, we could end up in situations where Chrome doesn't prompt for a whitelisted download, but Windows does. Thus forcing admins to keep two sets of settings in sync.

[note that the * Disable SB pings for downloads from private networks. also suggested in the original comment, is taken care of in  issue 723658 ].

I think that preventing the warning for dangerous file types should be easy to add, but allowing auto-open for these file types would be trickier, since we wouldn't want to auto-open files of these types unless they come from a trusted network so the UI becomes confusing. Right?