You can embed qt in a way that quicktime movies can't execute javascript. It really was the fault of Myspace (Ebay and others) to not check for that. If you allow users to embed things that can execute Javascript, it is just a question of time till some of them will use that feature to read out account cookies from other users. Guess why FK does'nt allow Flash sigs.
Fredi
