IT Observer has an article on
AJAX Security. I think the article in general is a decent high level overview for various things AJAX programmers should keep in mind.
In reality, programming AJAX applications is no different than programming any other application. The biggest difference is you will probably be dealing with a very high volume of external data with AJAX. Most traditional applications have well defined points of entry for external data. Many AJAX applications I've seen don't. This doesn't mean security is harder with AJAX, just different.
The little bits of AJAX I've toyed with (which is fairly minor), it is possible to define your points of entry. You just have to be aware of what's going on and where your data is coming from. I'm sure that many current AJAX applications will go through their growing pains (as many PHP applications still are), but I see great potential in AJAX web applications, so I look forward to them.
