The guys at DigitalCreations have discovered a Web security hole that allows malicious people to use redirects to cause users to unknowingly perform actions on sites that they have access to. I need to look into this hole more deeply before I understand it, but it sounds like it would be fairly difficult to exploit.