"Now that Web 2.0 hype is at full tilt, much ado's being made over Ajax framework vulnerabilities and other new-fangled bugs. A prime example of this phenomenon is the spectacular Javascript hijacking vulnerability discovered by Fortify Software (login required). Every security bug like this deserves some ink, but too much focus on bugs may cause many security-minded developers to miss the big Web 2.0 security picture. Developers darn well need to be concerned about security bugs when they wield Ajax, but they also need to think very carefully about trust boundaries."

Paper Link: http://www.darkreading.com/document.asp?doc_id=125931