Timezone may leak from XSLT Date function

Looking at the patch for document.lastModified, I looked at all the uses of PR_LocalTimeParameters and found this one that looks sketchy.

My concern would be that an attacker could render a XSLT document using a function that formats a datetime; then reads that XSLT document (cause it's same origin) and gets the timezone out.