When a node is adopted into another document without first having a JS wrapper, its wrapper could be created in either the original document's or new document's global object depending on how those nodes are accessed.
Created attachment 286353 [details] Demo
In this demo, a div element is created in document A, and span and b elements are created as descendants of the div via div.innerHTML. The div is then adopted into another document B. When accessing the span and the b elements in document B, the manner of accessing those nodes determine the global object in which the wrappers are created. If we're creating via .firstChild or any other property or any method of the div, then we'd create a wrapper using document A's global object. If it's done via properties or methods on any other object whose global object is that of document B, then we'd create a wrapper using the global object of document B.
I think the best way to fix this is probably to eagerly reify all wrappers when adopting a node between documents.
Created attachment 286622 [details] Patch
Comment on attachment 286622 [details] Patch Oops, wrong bug.