Having a single entity (e.g. RenderWorkerHost or similar) will provide a single entry point from the renderer to the browser, and will scope security-sensitive checks to a single place. It will probably make it easier to handle workers in the browser in the future.

So far, there are at least two places which do something similar:
- content::DedicatedWorkerHost
- content::WorkerDevToolsAgentHost

Unfortunately, the DevTools one covers more than just dedicated workers, but also service/shared ones. This should be fixable long-term once shadow/service workers do not have a fake document.