[whatwg] JSONRequest

[Douglas Crockford]

 > The mimetype you're defining, because it is new, pretty-much ensures
 > no existing service behind an intranet could be affected.

 > I could still envision one day developers setting-up JSON syndication
 > services behind an intranet, not quite grokking the fact that their
 > data is now accessible from outside of their intranet. Silly, i know
 > but ...

It is a concern. The only solution to that that I can see is education. When 
choosing a technology for a service, whether SOAP or REST or JSONRequest or 
whatever, you need to understand the pros and cons. A con with JSONRequest is 
that if your are incompetent in determining your authentications, then data may 
leak. For that reason, some people might choose to not use JSONRequest, and I 
could support such a decision. But for people who want to use it (and that 
includes me), we must be prepared to design our systems correctly. I know this 
is a controversial position.

http://www.JSON.org/JSONRequest.html