The folks at Offensive-Security dot com published an information advisory regarding a security vulnerability associated with usage of Google gadgets. According to Offensive-Security,
The real vulnerability lies in the ability of a malicious user to add their own Gadgets on a separate domain space, without Google’s authorization…
Apparently the vulnerability STILL hasn’t been repaired, based on this Google Gadget Group posting I saw yesterday, and dated June 17 with no response by anyone in the group yet, particularly no response by an Google staff…. to be continued.