David Teller (a Xulfr member) is a researcher in the field of interaction between programming languages and security. A few days ago, he wrote an interesting post about the safety of extensions and put forward the outline of an analysis toolbox for the Javascript language. Feel free to comment.