Matthew McCool has a few reminders for developers thinking of using Ajax in their applications, chiefly that it has the potential to add another vulnerability to the application.
Consider a registration form built out of PHP. Any aspect of your script that accepts and processes data is a potential point of attack. If you add Ajax, what you're doing is increasing the complexity of the application and, by extension, introducing greater vulnerability. More points of entry equal a larger attack surface, and that means potential problems for your application.
He continues his login form example and mentions a few things you could do to help protect your application and its users (including using the escaping functions built into PHP to help remove some harmful input).
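As an added illustration (not code from McCool's article), here is how a PHP endpoint behind an Ajax registration form can treat the request like any other untrusted entry point: validate on the server, then escape with PHP's built-in functions for the context the value is returned in. The function names, field names and sample requests are assumptions made for this example.

```php
<?php
declare(strict_types=1);

/** Validate the fields an Ajax registration request sends. Returns [clean, errors]. */
function validate_registration(array $input): array
{
    $errors = [];
    // Arrays or missing keys (e.g. username[]=x) are treated as empty strings.
    $username = is_string($input['username'] ?? null) ? trim($input['username']) : '';
    $email    = is_string($input['email'] ?? null) ? trim($input['email']) : '';

    // Allow-list the username instead of trying to strip "bad" characters.
    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $username)) {
        $errors['username'] = 'Use 3-20 letters, digits or underscores.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Enter a valid e-mail address.';
    }
    return [['username' => $username, 'email' => $email], $errors];
}

/** Build the JSON body returned to the browser-side script. */
function registration_response(array $input): string
{
    [$clean, $errors] = validate_registration($input);
    $payload = [
        'ok'     => $errors === [],
        'errors' => $errors,
        // Escaped for HTML, because the client inserts this value into the page.
        'echo'   => htmlspecialchars($clean['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    ];
    // JSON_HEX_* keeps <, >, &, ' and " out of the raw response body.
    return json_encode(
        $payload,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample requests; a real handler would pass $_POST instead.
$samples = [
    ['username' => 'alice_01', 'email' => 'alice@example.com'],
    ['username' => '<script>alert(1)</script>', 'email' => 'not-an-email'],
];
foreach ($samples as $sample) {
    echo registration_response($sample), PHP_EOL;
}
```

Client-side checks in the Ajax script are a convenience only; the endpoint has to repeat them because it can be called directly, without the form.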