“It’s easy to get caught up in the dynamic potential of Ajax.
But with innumerable possibilities also comes increased risk. If
security isn’t a major concern, it should be.“Consider a registration form built out of PHP. Any aspect of
your script that accepts and processes data is a potential point of
attack. If you add Ajax, what you’re doing is
increasing the complexity of the application and, by extension,
introducing greater vulnerability. More points of entry equal a
larger attack surface, and that means potential problems for your
application…”