As the dust began to settle, a debate began, refracted through the lens of ideology. This time there was no Microsoft to blame. The open source underdogs had done this to themselves. And while some would argue it wasn't Firefox's fault -- since Greasemonkey is a user-installed extension -- Firefox took its share of the blame, just as Internet Explorer does when its add-ins cause trouble.
Two familiar threads wove through the ensuing discussion. First, there was the perennial complaint that AJAX-style scripting is inherently dangerous and should always be disallowed. This objection has merit, but it applies equally to other forms of browser augmentation, including ActiveX, Java, and .NET. A thicket of thorny issues surrounds this scenario. How, for example, can users evaluate the trustworthiness of plug-ins or the developers who create them? How can sandboxed environments sufficiently empower developers while preserving meaningful isolation of risk?
There are no perfect answers to these questions. At the moment, we don't even have good ones. If you, therefore, decide to reject all rich Internet application scenarios that add risk, I won't try to talk you out of it. Extreme conservatism is a valid stance. If, however, you believe the benefits ultimately outweigh risks, and that we can work through the issues, then let's consider the second thread woven through last week's discussion: the techniques and mindsets that open source developers and Microsoft developers bring to matters of security.
You want to read the rest of it, because Jon highlights some points about open source and Microsoft that a lot of people would prefer not to hear.