[yaix]

Attacks: I would guess that is dealt with on a netwok level for all of Google, not individually per app.

Plugins: Just drop the external sources that change their APIs.

Accounts: Accounts are managed by Google Accounts, not by individual apps.

iGoogle is mainly a client-side script that displays small amounts of data. Still think there is not much "maintaining" to do.

[Daniel_Newby]

It is client side in the www.google.com domain. Meaning it can potentially attack other services in that domain like, oh, most other Google services. You'd want more than just a lone intern watching over it in his spare time.