Unfortunately, while AJAX incorporates the best
capabilities of both thick-client and thin-client
architectures, it is vulnerable to the same attacks
that affect both types of applications. Thick-client
applications are insecure because they could be
decompiled and analyzed by an attacker. The same
problem exists with AJAX applications - in fact even
more so, because in most cases the attacker does not
even need to go to the effort of decompiling the
program. Knowing the attack surface and the
architectural weakness of a chosen AJAX framework
lays the foundation for a software architect...