Unauthorized access using non-interactive iframe embed

The html5 URL parameter should not be used. It’s an undocumented option there to enable a proof-of-concept version of the html5 player. The html5 beta is available for everyone now so let the user choose.