+1. Valid point but this is a bit different to what I was referring to and is an insecurity in the browser rather than the application. Still, fair point. I was mainly referring to people validating input only on the client-side, redirecting people away from private parts of the site using JS or meta redirect (last year I had to maintain a site that used this), etc.
