The fear is that, while the current exploits are annoying but not especially dangerous, the same method of triggering Javascript code could be used for more nefarious purposes. Users could be ...