I have been an Android owner for about two years now, and I'm no longer a fan.
$.get(), $.post(), $.getJSON() etc.) and it would be a shame if you had to add CSRF tokens to all your Ajax calls manually, or go back to $.ajax() because the convenience method didn't support the way you wanted to add the token. But jQuery, being the customizable framework it is, of course allows you to add these kinds of things through events.
As programmers we often pick the easy way out, even though we often hear that we should keep things simple. Creating something simple can be hard, and creating something complex (and often buggy) is easy.
I just read "Is 2011 the Year of NoSQL Data Breaches?" over at Infosec Island. The article was really interesting and points out some aspects of MongoDB which I really don't like. I'm all for NoSQL databases, as the relational model does not fit well everywhere, so I'm hoping the MongoDB developers will address these issues pretty soon.
The brand new Rails 3.0 by default escapes data used in views. This is great news, because it hopefully means the applications will be protected from XSS by default, as long as you stick to the built-in helpers (UrlHelper etc.).