The problem with JavaScript/AJAX/Web 2.0 security flaws is that there has been no strong message going out to software developers regarding security being their responsibility, Chess said.