[ashrk]

I think a hypertext browser that, by default, lets any document you load also spy on your session as clearly as if there were a camera over your shoulder is nuts, but inevitable without harshly crippling any document-accessible scripting language available. Which is what should have happened. Most of the best things that JS provides from a user perspective could have been added to HTML and browsers themselves, e.g. better file/image upload, better tables, frames that don't suck, field validation. Mixing "apps" indiscriminately with hypertext browsing has left both in a pretty bad state.