Over couple of years AJAX have become quite popular, but i feel there is a major security risk with AJAX or even with current browser model. By just gaining access to the network, you can sniff all the traffic passed between targeted computer and the server. In those log you are able to see all the transferred data in clear text (if SSL is not used), even with SSL there is chance to be able to see the traffic.
With today’s technology the last step in user authentication is placing a cookie on the client computer, and data from that cookie is transferred with every page load and AJAX request. A skilled hacker can sniff out the cookie and use it to take over the user session. After that all the passwords are use less.
I feel like for Web 3.0 there should be better and cheep way to be able to authenticate an user and store authentication token. It is too expensive for most people to get a SSL certificate, and even more don’t have access to the resources to host an secure website.