My site, DeliTag, is being flagged as suspicious by IE7, likely due to the username and password fields for Delicious. I've created a privacy statement to address concerns about how this information is used. In short, the credentials are passed directly to Delicious without any further processing. The transmission is unsecured, mirroring Delicious's own security. The privacy statement at http://www.kinlan.co.uk/Deli/DeliPrivacy.htm offers more details. Please contact me with any questions.
This post discusses the security implications of cross-domain XMLHttpRequest access. While some argue that such access increases the risk of phishing attacks and unauthorized data access, others contend that these risks are minimal and that the benefits of cross-domain access, such as reduced bandwidth costs for "mash-up" applications, outweigh the potential downsides. The current security model, which requires proxying requests through the originating server, is seen as costly. I propose a server-side security model where third-party servers can control which clients can directly access their data, addressing the bandwidth theft concerns.
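A minimal sketch of the server-side model proposed above, added here as an illustration and not code from the original post: the data-owning server checks each request's `Origin` header against an allowlist and grants direct access only on an exact match. It uses the `Access-Control-Allow-Origin` response header that CORS later standardized for this kind of server opt-in, which the post itself does not mention. The function names and the origins in the allowlist are constructed for the example.

```javascript
// Added illustration; names and origins below are constructed, not from the post.
// The data-owning (third-party) server lists the client sites allowed to read
// its responses directly from the browser, instead of through their own proxy.
const ALLOWED_ORIGINS = new Set([
  "https://mashup.example",
  "https://partner.example:8443",
]);

// Reduce an Origin header value to canonical scheme://host[:port], or null.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "null") return null;
  let url;
  try {
    url = new URL(value);
  } catch {
    return null; // not a parseable origin
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  // A real Origin value carries no credentials, path, query or fragment.
  if (url.username || url.password || url.search || url.hash) return null;
  if (url.pathname !== "/") return null;
  return url.origin; // lower-cased host, default port removed
}

// Decide whether to grant direct cross-domain read access for this request.
function accessDecision(originHeader, allowlist = ALLOWED_ORIGINS) {
  // Vary: Origin keeps shared caches from replaying one site's grant to another.
  const headers = { Vary: "Origin" };
  const origin = normalizeOrigin(originHeader);
  if (origin === null || !allowlist.has(origin)) {
    return { allowed: false, headers }; // no grant header: browser blocks the read
  }
  // Echo the exact matched origin; never "*" and never a substring/regex match.
  headers["Access-Control-Allow-Origin"] = origin;
  return { allowed: true, headers };
}

// Constructed sample Origin values, including two look-alikes.
for (const sample of [
  "https://mashup.example",
  "https://MASHUP.example:443",
  "https://mashup.example.evil.test",
  "http://mashup.example",
  "null",
]) {
  console.log(sample, "->", accessDecision(sample).allowed);
}
```

When `allowed` is false the server can also decline to send the response body at all, which is the part that bears on the bandwidth concern.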