[AnimationSmoothness] Frame times reveal new privacy/security information

[progers]

The fact that a frame is (or is not) presented reveals new information to javascript. For example, imagine a root page (A) with a cross-origin login iframe (B): script on A can listen to the timing of the frames produced by B, and infer information about the password from the timing of the user's keystrokes. Another scenario is spellcheck: a page can toggle the spellcheck field of an input element and learn whether a word is misspelled based on the presence of a presented frame (for showing the spelling underline), and this contains information about the user's spellcheck dictionary. This information is not in requestAnimationFrame today because requesting a frame causes a new frame to be presented.