RT @igrigorik protip from google security.. XSS and XSRF is responsible for large majority of exploits - check for those first h/t @minddog