from_future_import has a post stating that Fortify’s recent Ajax alarm is more FUD than fact. Money quote in this one:
Was it FUD or fact? A bit of both. The benefit of the paper is the fact that, unlike other discussions on these issues, it was written in plain English, diagrammed, and not meant to be understood only by insiders. Perhaps if more Ajax developers would adopt the same approach to documenting issues, concerns, and examples, documents such as the one given out by Fortify wouldn’t get the audience.
Or we could all use XML, only (she says as she ducks and runs…)
While I was in the neighborhood, I picked up a couple of other links in comments:
(Thanks to Michael Bernstein for the link)