I am here asking you if I should be worried about that. I do, however, use Tampermonkey actively, and for Tampermonkey to work it needs the same permissions Stylish does. When you do that 'trick' (var script document.createElement('script'). Its not really that big of a deal for me, since I dont really use Stylish anymore, and the only reason I did was rendered null with WebExtensions. It might work using the Tampermonkey extension on Chrome, but Im not going to double-check that right now. Moreover, the script is triggered correctly for that person on some other URL where it should be triggered (so it is not like, for that person, the script is not working at all). That said, the version of your script that used unsafeWindow should work on/in Firefox if implemented correctly. I have no idea how to debug such a problem and whether this should be considered as a bug I should report to the Tampermonkey developing team: it is as if the URL were not matching the instruction (but it is matching for all other people that tried so far). If you have at least one grant directive other than none, that will activate Tampermonkeys sandbox. Someone complains that the script is not working for her: indeed, she has Tampermonkey installed, the userscript installed and active, and while the very same userscript was running fine on the very same URL for all people I talked so far, it is not triggered for that person (when clicking on the Tampermonkey icon, it says that Tampermonkey is active, but 'no script is running'). I develop a userscript to be used by a few people in my company.