"I think there is an inevitable tension between security and functionality, especially in web apps. For example, the "single site rule" was created to plug cross-domain scripting attacks, but developers are actively trying to find ways around it so as to make their applications be able to dialog with multiple data sources." - David Semeria