Why cross-chain DeFi in your browser suddenly matters (and how to not mess it up)