
I'm not sure what the panicking would be about being able to move the cursor inside the website.

I had assumed there would simply be JavaScript calls for this. — how is it a problem that this be possible? that it can make one click on links that can be activated with JavaScript on their own already?

Of course, if it could move one's cursor outside of its own rendered page, that would be problematic, but this trick cannot simulate that either.



There are no web APIs to move a cursor within a web page. That means if you see a website moving your cursor, you see a website doing something it's not supposed to be able to do, and there's no reason to assume that that ability would be limited to the browser window or merely one tab in the browser. (Of course this website does not move your cursor.)


It's extremely easy to check because the effect stops outside of the website window itself or when the tab be switched?

And even if there is no a.p.i., when a website does it via some creative hack then one can assume the hack is most likely to work inside its own window only.

And finally, how would the average layman know there is no such a.p.i.? even the expert could not be sure it wasn't added yesterday.

I really cannot see why the first response would be to panic and think the website somehow found a way to tell the web browser to make X11 calls to move the cursor, which is quite unlikely; the first response would be that there is an a.p.i. to move the cursor inside of its own window, which is harmless, and after that that there is a creative hack to simulate it, and again, it's very easy to verify whether the cursor can be moved by the website once it leaves the browser window, and it cannot.


From what I can gather, April 1st is not your favorite day of the year.



