AJAX can amplify security threats, analysts say

16.06.2006

As part of an effort to make its Web site more dynamic, Choice Homes is using AJAX-like functions in Adobe Systems Inc.'s Macromedia Flash Remoting technology to present property-related information from its back-end servers. But the company is taking care to ensure that no business-critical data is exposed, "so we've really had no reason to lock it down," Farmer said.

"AJAX and security is something that brings fear into a developer's eyes," said Eric Pascarello, co-author of AJAX in Action and moderator of Javaranch.com, a forum for Java developers. But the fact is that a lot of the security concerns are not unique to AJAX, he said.

One of the biggest mistakes is the failure to validate data on the server, Pascarello said.

"What you need to fear is stupidity by a developer," he said. "The flaw is in developers trusting the data that is being sent from the client. Anyone should know that the data can not be trusted."
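Pascarello's point about trusting client-sent data, as an added example that is not from the article or from any company named in it: a small Node.js-style handler for an AJAX request that updates a property listing's asking price, first trusting the JSON body exactly as the browser script sent it, then validating every field on the server and taking authorization from the server-side session. The listing table, field names and request shape are constructed for illustration.

```javascript
// Constructed in-memory listings table standing in for the back-end data
// that a Flash or AJAX front end would query and update.
function makeListings() {
  return {
    "prop-1001": { agent: "alice", price: 250000 },
    "prop-1002": { agent: "bob", price: 310000 },
  };
}

// Parse the raw request body; a malformed body yields null instead of a throw.
function parseAjaxBody(raw) {
  try {
    return JSON.parse(raw);
  } catch (e) {
    return null;
  }
}

// Insecure: applies whatever the client-side script sent. The page's own
// JavaScript may only ever send valid updates for the user's own listings,
// but the server cannot tell a page-issued request from any other request.
function updatePriceTrusting(listings, session, body) {
  const listing = listings[body.listingId];
  listing.price = body.price; // any type, any value, anyone's listing
  return { ok: true, price: listing.price };
}

// Hardened: every client-supplied value is checked on the server, and the
// identity used for authorization comes from the session, not the body.
const LISTING_ID = /^prop-\d{4}$/;

function updatePriceValidated(listings, session, body) {
  if (!body || typeof body !== "object") return { ok: false, error: "bad body" };
  const { listingId, price } = body;
  if (typeof listingId !== "string" || !LISTING_ID.test(listingId)) {
    return { ok: false, error: "bad listingId" };
  }
  if (!Number.isInteger(price) || price <= 0 || price > 100000000) {
    return { ok: false, error: "bad price" };
  }
  const listing = listings[listingId];
  if (!listing) return { ok: false, error: "no such listing" };
  if (listing.agent !== session.user) return { ok: false, error: "not your listing" };
  listing.price = price;
  return { ok: true, price };
}

module.exports = { makeListings, parseAjaxBody, updatePriceTrusting, updatePriceValidated };
```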