If you are a techie, I highly recommend you look at the presentation "JavaScript malware just got a lot more dangerous" by Jeremiah Grossman and T.C. Niedzialkowski from WhiteHat Security, Inc. An MP4 recording of the demo is here.
Wow, is this scary! They are demonstrating how to completely hijack a user’s browser session without the user noticing, and running things like keystroke loggers right in the browser, re-configuring the user’s firewall, attacking other servers on the user’s intranet, print on the user’s printer, and sweet stuff like that. Without using any browser exploits! And without leaving any trace because the JavaScript and other content just goes away after the browser is closed.
Missing 10,000 dollars in your bank account, but your bank’s website says it’s still in your account? That’s the kind of thing …