Linking to my Ajax post, Abhijit Nadgouda points to another good writeup on Ajax and security: Brent Ashley's Shaping the Future of secure Ajax Mashups. The long-term solutions sound good, but do cross specification and even organization boundaries, which leads me not to hold my breath waiting for each.
It's good to see these discussions. I think that O'Reilly is working on a book devoted to Ajax security. As soon as I have a title, I'll put up a link.
Definitely check out the long list of resources at the end of the article.
