The way code signing works on the iPhone is that only pages [in memory] that come from signed applications can be executable. If an app tries to make a writeable page executable, it cannot. However, for JIT, this is exactly what you’d like to do.
iOS 5 gives home screen webapps the same executable permissions as Mobile Safari, fixing this issue. Sadly, 3rd party app which use the UIWebView are still unable to use Nitro for the same security concerns. For example, a browser within an app, like some RSS readers or Twitter clients. Graham Lee explains: “…code injection in third-party apps doesn’t just allow Nitro to work, it allows any code injection mechanism to work…“. Of course, such security holes would be wonderful for the Dev-Team, but not-so-good for Apple’s PR department. If Apple does eventually find a middle ground between speed and security, we may see a fancy iOS 5 delta update that allows Nitro in 3rd party apps.