RE: Bounty for completion of native JavaScript steem signer

in #steem, 9 years ago

@anonymint Replying over here because we hit the comment depth limit.

An attacker wouldn't be able to intercept the actual dialog from the browser and input the PIN to authorize the transaction programmatically.

The very best they could do is push a dialog and try to collect the information themselves. But that would do them no good because the webworker is a process isolate.

If done correctly, it wouldn't be frequent enough to be a major irritant. Just something to notify them that someone has sent a message to the worker requesting a signature. It couldn't just be affirmatively dismissed. They would either need to input the PIN or decline the transaction.
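
The flow described in the comment above, as an added example that is not part of the original comment or the steem signer project: a signer that answers a signature request only after the user types the PIN or declines. It assumes the key is stored sealed under a PIN-derived key (scrypt + AES-256-GCM), uses a closure as a stand-in for the worker boundary, and signs with Node's generic ECDSA rather than Steem's signature format; `sealKey`, `createSigner`, `promptUser` and `demo` are hypothetical names.

```javascript
// Added illustration: names are hypothetical, not from the steem signer project.
const crypto = require('crypto');

// Seal the private key under a PIN-derived key (assumption: scrypt + AES-256-GCM).
function sealKey(pem, pin) {
  const salt = crypto.randomBytes(16), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', crypto.scryptSync(pin, salt, 32), iv);
  const ct = Buffer.concat([c.update(pem, 'utf8'), c.final()]);
  return { salt, iv, ct, tag: c.getAuthTag() };
}

// Stand-in for the worker: the sealed key lives only in this closure and the
// message handler is the only way in. Synchronous for brevity; a real dialog is async.
function createSigner(sealed, promptUser) {
  return function onMessage(msg) {
    if (!msg || msg.type !== 'sign' || typeof msg.tx !== 'string')
      return { ok: false, reason: 'unsupported message' };
    // The prompt yields a PIN or a decline; a bare "OK" carries no PIN and signs nothing.
    const answer = promptUser(msg.tx);
    if (!answer || typeof answer.pin !== 'string') return { ok: false, reason: 'declined' };
    try {
      const kek = crypto.scryptSync(answer.pin, sealed.salt, 32);
      const d = crypto.createDecipheriv('aes-256-gcm', kek, sealed.iv);
      d.setAuthTag(sealed.tag);
      const pem = Buffer.concat([d.update(sealed.ct), d.final()]).toString('utf8');
      const sig = crypto.sign('sha256', Buffer.from(msg.tx), pem);
      return { ok: true, signature: sig.toString('hex') };
    } catch (e) {
      return { ok: false, reason: 'wrong PIN' }; // GCM tag check failed, key never unsealed
    }
  };
}

function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', {
    namedCurve: 'secp256k1',
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
    publicKeyEncoding: { type: 'spki', format: 'pem' },
  });
  const tx = '{"op":"transfer","amount":"1.000 STEEM"}'; // constructed sample
  const sealed = sealKey(privateKey, '4821');            // constructed PIN
  const ask = (reply) => createSigner(sealed, () => reply);
  const r = { approved: ask({ pin: '4821' })({ type: 'sign', tx }),
              declined: ask({ decline: true })({ type: 'sign', tx }),
              wrongPin: ask({ pin: '0000' })({ type: 'sign', tx }),
              dismissed: ask(true)({ type: 'sign', tx }),
              other: ask({ pin: '4821' })({ type: 'exportKey' }) };
  r.verified = r.approved.ok && crypto.verify('sha256', Buffer.from(tx), publicKey,
    Buffer.from(r.approved.signature, 'hex'));
  return r;
}
```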