Two implementation risks to keep in mind: 1) Both jar: and mhtml: (which work or worked in a very similar way) have caused problems in absence of strict Content-Type matching. In essence, it is relatively easy for something like a valid user-supplied text document or an image to be also a valid archive. Such archives may end up containing "files" that the owner of the website never intended to host in their origin.
2) Both schemes also have a long history of breaking origin / host name parsing in various places in the browser and introducing security bugs. /mz
