Mozilla does content sniffing on text/plain if the content includes
control characters ("invalid text/plain content"). Is this incorrect?
Is it a security hole -- for example, does it introduce XSS holes or
allow executable files to be run without a proper warning?