AJAX Programming and Potential Security Risk

A recent Computerworld article by Jaikumar Vijayan warns potential security risk with AJAX programming. Citing the research work done by Billy Hoffman, lead research and development engineer and Bryan Sullivan, development manager at Web security vendor SPI Dynamics Inc. in Atlanta, the article points out that poorly implemented AJAX code may allow malicious attackers to change the order of code execution, to perform such actions as changing certain parameter values or skipping certain program calls, or even inject malformed SQL queries and compromise applications. I will be interested to see the demo that Hoffman and Sullivan presented at Black Hat USA conference.