Google Vulnerabilities Reveal Your Gmail Contacts & Messages


I don't think this is what Google had in mind when it revealed its plans to "go open." Bedford has just revealed three vulnerabilities in Google, the first of which is in the Blogspot polls feature. The 'font' parameter was not sanitized before being placed inside a STYLE tag, so IE's expression and Mozilla's -moz-binding could be injected. This little bugger has been fixed. But the other two, which pertain to the personal data residing in your Gmail account, haven't been so lucky.

One will show your contacts, and the other will make Gmail forward all new emails to a separate email account. This requires no user interaction, but you do need to open a website while still logged in to Gmail. These vulnerabilities can be demonstrated in IE, Konqueror, Opera and Firefox. Bedford recommends using Firefox + NoScript to avoid exposure. Bloglines seems to be having an "open" problem today, too.
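
The Blogspot polls bug described above comes down to a request parameter reaching a STYLE block unfiltered. As an added example (not code from Google, Bedford or the original article), the Python below shows that flawed pattern beside an allowlist-based fix for a font-family value; the function names, the `.poll` selector and the sample inputs are assumptions constructed for illustration.

```python
import re

# CSS generic families must stay unquoted; every other name is emitted quoted.
GENERIC = {"serif", "sans-serif", "monospace", "cursive", "fantasy"}
# One family name: letters, digits, spaces, hyphens. No ; : ( ) / < > } or quotes.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9 -]{0,39}")
FALLBACK = "sans-serif"


def render_style_unsafe(font):
    """The flawed pattern: the parameter reaches the STYLE block unchanged."""
    return "<style>.poll{font-family:%s}</style>" % font


def clean_font_list(font):
    """Parse a comma-separated font-family value; return safe CSS or FALLBACK."""
    families = []
    for raw in font.split(","):
        name = raw.strip()
        # Accept one matching pair of surrounding quotes, then validate the inside.
        if len(name) >= 2 and name[0] == name[-1] and name[0] in "'\"":
            name = name[1:-1].strip()
        if not NAME_RE.fullmatch(name):
            return FALLBACK  # reject the whole value, never try to repair it
        name = re.sub(r" +", " ", name)
        families.append(name.lower() if name.lower() in GENERIC else "'%s'" % name)
    return ", ".join(families[:5])  # cap the list length


def render_style_safe(font):
    """Same template, but only validated and re-serialized names reach the CSS."""
    return "<style>.poll{font-family:%s}</style>" % clean_font_list(font)


# Constructed inputs: two ordinary values, then three of the kind the article names.
SAMPLES = [
    "Georgia, serif",
    '"Times New Roman", Times, serif',
    "Arial; width: expression(1)",
    "Arial; -moz-binding: url(https://example.invalid/x.xml#y)",
    "Arial}</style><p>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("%-60r -> %s" % (s, clean_font_list(s)))
```

Rejecting the whole value on the first bad family name, instead of stripping suspicious substrings, keeps the filter independent of any list of dangerous CSS features.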
