nsIMsgComposeSecure is not scriptable. However, I went through the code and did not find a reason why this would need to be. The API is required for Enigmail for message sending,
Created attachment 671798 [details] [diff] [review]
I tried the patch successfully with a simple JS implementation, thus I see no reason why the API should be [noscript].