I suspect not, but unlike Google, MySpace, Bebo, Hi5 and maybe even Facebook I’m not in the loop on this Open Social thing so I certainly don’t have the whole story. You see, something is really bothering me…
Much of the coverage of Open Social has focussed on developers being able to use “normal” JavaScript and HTML to develop their apps. However, FBML and FBJS, combined with Facebook’s limited indexing on Google, actually do us a favour:
- Stop application formatting bleeding between apps.
- Stop applications being able to control each other.
- Protect users against malicious scripts.
- Only execute scripts in a confined environment that you are unlikely to stumble upon within an normal websearch.
- It’s Facebook’s responsibility to parse our code to ensure it’s not malicious.
I’m going to trackback this post to a few big bloggers in the hope I’ll get an answer in the comments, because I can’t find any answers to these critical questions anywhere on the web.
The thing that bothers me most is that Google doesn’t exactly have a great reputation for quality secure code and attention to user privacy. Do I need to be turning off JS in my browser? :S
Edit: LMAO, turns out I was probably right. So, folks, let’s all welcome in a new era of totally shit web security. Hurrah for key-loggers! Hurrah for hackers being able to re-use old tricks without needing to think!
Good grief! :S
Jof Arnold's Blog 
My thoughts exactly.
yeah agreed… see arrington’s recent post on plaxo profile hacking, also nick o’neill’s thoughts on same issues.
i’m sure they’ll figure out some workarounds, but it is a big hairy issue for OpenSocial to figure out.