Good news: Security innovation spreading...

Version 4 of the Safari web browser now supports the HTTPOnly directive for cookies introduced by IE6 SP1.  Now, all major browsers support the directive, which can help mitigate the impact of XSS exploits.

Safari 4 also now supports the X-FRAME-OPTIONS directive introduced by IE8 to help sites prevent ClickJacking attacks.  At the moment, this protection isn't yet available in Firefox unless you install the NoScript addon, but it looks like Mozilla is working on it.

-Eric