would be good to get some information about our web wallets. Sop @svk how is the situation is bitshares save?
The openledger web wallet is less vulnerable, because BitShares doesn't have to display lots of user generated content.
The principal risk remains, however. If someone manages to sneak some JavaScript code into the site, then your keys will be compromised.
Hm, now that I think about it - the memo is user generated...
@svk please confirm that the memo field is properly escaped.