RT @simonw: If your site returns JSONP with user-supplied callbacks it is almost certainly vulnerable to a VERY nasty new attack http://miki.it/blog...