Security has always been a issue in newly popular technologies. But if you look back in time, you'll find that most of the tech(s) become popular due to one of the two reasons - either ease of use or ease of development and AJAX looks just too good to dump(for users) which automatically means that it'll stay in demand whether the security is there or not. So my guess is that ways of coding in AJAX will continuously improve as happened in all other langauges too (inlcuding JAVA) in a short time to come. So expect tools and coding guidelines for AJAX based applications coming out very soon. Till then just chugg along!!