ASP.NET AJAX 1.0 and JSON Hijacking Attacks

Recently eWeek published an article on vulnerabilities in Web 2.0 applications through JSON hijacking. The article references a study by Fortify on AJAX vulnerabilities. The Fortify study specifically names Yahoo UI, Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Rico and MochiKit as AJAX frameworks susceptible to JSON hijacking.

In all of the "Web 2.0 buzz", security is probably not among the top considerations for AJAX frameworks, but it is one that could come back to bite you later.

ASP.NET AJAX 1.0 has some built-in security components that help protect against security issues like JSON hijacking. Scott Guthrie has a blog post on this that delves into some details.

 
