wikipedia appears to infers websockets
are secure:
For web browser support, a secure version of the WebSocket protocol is implemented in Firefox 6 (named MozWebSocket),[2] Google Chrome 14[3] and Internet Explorer 10 developer preview.
... Although there are no known exploits, it was disabled in Firefox 4 and 5...
but w3 states they are insecure:
Following HTTP procedures here could introduce serious security problems in a Web browser context. For example, consider a host with a WebSocket server at one path and an open HTTP redirector at another. Suddenly, any script that can be given a particular WebSocket URL can be tricked into communicating to (and potentially sharing secrets with) any host on the Internet, even if the script checks that the URL has the right hostname.
are
http websockets
(ws:) secure or not?are
https websockets
(wss:) secure or not?if not #2, are there documented prophylactic measures?