On the PHP Security Blog, there's three new posts that Stefan Esser has written up that demonstrate some of the more destructive uses of Javascript that he's found:

• JavaScript/HTML Portscanning and HTTP Auth
• Bruteforcing HTTP Auth in Firefox with JavaScript
• JavaScript Scanning and expose_php=On

While the first two are interesting, it's the last of these that most directly applies to PHP. He gives a simple "proof of concept" that checks to see if the embedded image is the correct "size" to be related to a webserver running PHP with the expose_php setting set to "on".