O’Reilly got burned by remote JS. Douglas Crockford’s module element would help with this sort of attack. I don’t feel so positively about all of the “Fixing HTML” page, but the module piece looks great. If only there were more details on the “common capability communication” mechanism.