Did I just say open up their back end? Yes, that is what Ajax will promote -- the ability to call directly to functions in the code via XML. It's so convenient! Think about this, if today's biggest security issue is developers not validating input just on the front end, what kind of problems will we have when developers have inputs on the front end and back end! This opens up a whole new attack surface.
* Ajax alert raises security, scalability issues
* Why do Web services impact security?