It has been reported that when an SVG document which is served with Content-Type:
application/octet-stream is embedded into another document via an <embed> tag
with type="image/svg+xml", the Content-Type is ignored and the SVG document is
processed normally. A website which allows arbitrary binary data to be uploaded
but which relies on Content-Type: application/octet-stream to prevent script
execution could have such protection bypassed. An attacker could upload an SVG
document to such a website, embed it into a malicious page on another site, and
gain access to the script environment from the SVG-serving site, bypassing the
same-origin policy.
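
A defender-side audit for the situation described above, as an added example
that is not part of the original advisory: it flags stored uploads that are SVG
documents served from the application's own origin, where Content-Type:
application/octet-stream would be the only barrier. The function names, origins
and sample bytes are constructed, and the Content-Disposition and CSP sandbox
checks are assumed defence-in-depth measures that the advisory does not mention.

```javascript
// Added example: hypothetical helper names; sample inputs are constructed.
// Heuristic, UTF-8 only: skip BOM, XML prolog, comments and DOCTYPE, then
// test whether the root element is <svg> (optionally namespace-prefixed).
function looksLikeSvg(body) {
  let text = Buffer.from(body).toString('utf8').replace(/^\uFEFF/, '');
  const skip = /^\s*(?:<\?[\s\S]*?\?>|<!--[\s\S]*?-->|<!DOCTYPE[^\[>]*(?:\[[\s\S]*?\])?\s*>)/i;
  while (skip.test(text)) text = text.replace(skip, '');
  return /^\s*<(?:[\w.-]+:)?svg[\s>\/]/i.test(text);
}

// Audit one response that serves user-uploaded bytes. Returns finding codes.
function auditUploadResponse({ appOrigin, fileUrl, headers, body }) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];
  // Script running in the upload only reaches the application if both share an origin.
  if (new URL(fileUrl).origin !== new URL(appOrigin).origin) return findings;
  // Content-Type is deliberately not consulted: the advisory's point is that
  // an <embed type="image/svg+xml"> caused it to be ignored.
  if (looksLikeSvg(body)) findings.push('svg-on-app-origin');
  if (!/^\s*attachment\b/i.test(h['content-disposition'] || ''))
    findings.push('no-attachment-disposition');
  if (!/(?:^|;)\s*sandbox\b/i.test(h['content-security-policy'] || ''))
    findings.push('no-csp-sandbox');
  return findings;
}

// Constructed sample: inert SVG stored as a "binary" upload.
const sampleSvg = '<?xml version="1.0"?>\n<!-- constructed -->\n' +
  '<svg xmlns="http://www.w3.org/2000/svg"><script>/* inert */</script></svg>';
const octet = { 'Content-Type': 'application/octet-stream' };

console.log(auditUploadResponse({ appOrigin: 'https://app.example.com',
  fileUrl: 'https://app.example.com/files/1', headers: octet, body: sampleSvg }));
console.log(auditUploadResponse({ appOrigin: 'https://app.example.com',
  fileUrl: 'https://uploads.example.net/files/1', headers: octet, body: sampleSvg }));
```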