Just saw this nice demo of the a:visited browser history security issue in action. Visit http://startpanic.com/ and click “start” to see it in action. More info about this security hole here: http://www.merchantos.com/makebeta/tools/spyjax/ Fred