Because Ajax Web applications run on both the client and the server, they raise several security issues. They:
- Create a larger attack surface with many more inputs to secure
- Expose internal functions of the Web application server
- Allow a client-side script to access third-party resources with no built-in security mechanisms
AJAX implementations require a trust relationship between the client and server — a relationship that can be exploited by an attacker...
Read the whole excellent article, "AJAX Security Dangers" by Bill Hoffmann.
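
To make the "exposed internal functions" and client-trust issues above concrete, here is an added example (not taken from the article) of a server-side Ajax dispatcher in its weak form beside a hardened form. All names (`internal`, `PUBLIC_ACTIONS`, `dispatchUnsafe`, `dispatchSafe`) and the request shape are assumptions made for illustration.

```javascript
// Added illustration; every name and the request shape here are hypothetical.
// Server-side functions. Only some are meant to be reachable from the browser.
const internal = {
  getProfile: (ctx, args) => ({ user: ctx.user, theme: "light" }),
  setTheme: (ctx, args) => ({ user: ctx.user, theme: args.theme }),
  deleteUser: (ctx, args) => ({ deleted: args.user }), // admin-only helper
};

// Weak pattern: the endpoint calls whatever function name the client sends and
// believes the identity in the request body, so every internal function is exposed.
function dispatchUnsafe(body) {
  const fn = internal[body.action];
  if (!fn) return { status: 404 };
  return { status: 200, result: fn({ user: body.user }, body.args || {}) };
}

// Hardened pattern: explicit allowlist, per-action argument validation, and
// identity taken from the server-side session, never from the request body.
const PUBLIC_ACTIONS = new Map([
  ["getProfile", { validate: () => true }],
  ["setTheme", { validate: (a) => ["light", "dark"].includes(a.theme) }],
]);

function dispatchSafe(session, body) {
  if (!session || typeof session.user !== "string") return { status: 401 };
  if (typeof body !== "object" || body === null) return { status: 400 };
  const rule = PUBLIC_ACTIONS.get(body.action); // Map lookup ignores prototype keys
  if (!rule) return { status: 403 };
  const args = body.args === undefined ? {} : body.args;
  if (typeof args !== "object" || args === null || !rule.validate(args)) {
    return { status: 400 };
  }
  return { status: 200, result: internal[body.action]({ user: session.user }, args) };
}
```

The hardened dispatcher treats every field of the request as untrusted input: the action must be on the allowlist, the arguments must pass that action's validator, and the caller's identity comes only from the session.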