Three that pop to mind (aside from Ajax) to think about:
1) Linking to script libraries on other sites: make sure you trust the script you're using!
2) Using JSONP to load scripts into your page; just like (1), make sure you trust the web service you're using.
3) Using eval without checking what you're eval-ing.
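
An added example, not part of the original post: for point 3, one way to treat a web service response as data only, using `JSON.parse` plus a shape check instead of `eval`. The helper name `parseUntrusted`, the field names and the sample payloads are assumptions constructed for illustration.

```javascript
// Hypothetical helper: parse a text payload as data, never as code.
// JSON.parse does not execute anything, so script in the payload is a syntax error,
// whereas eval(text) would run it with the page's privileges.
function parseUntrusted(text, shape) {
  let value;
  try {
    // The reviver drops keys that could feed prototype pollution if the
    // result is merged into another object later.
    value = JSON.parse(text, (key, v) =>
      (key === '__proto__' || key === 'constructor' || key === 'prototype') ? undefined : v);
  } catch (err) {
    return { ok: false, reason: 'not JSON: ' + err.name };
  }
  if (value === null || typeof value !== 'object' || Array.isArray(value)) {
    return { ok: false, reason: 'expected a JSON object' };
  }
  // Every expected field must be present with the expected primitive type.
  for (const [field, type] of Object.entries(shape)) {
    if (typeof value[field] !== type) {
      return { ok: false, reason: 'field ' + field + ' must be ' + type };
    }
  }
  // Reject fields the caller did not ask for.
  for (const field of Object.keys(value)) {
    if (!Object.prototype.hasOwnProperty.call(shape, field)) {
      return { ok: false, reason: 'unexpected field ' + field };
    }
  }
  return { ok: true, value };
}

// Constructed sample payloads: one well-formed, one carrying an expression
// that eval would have executed, one with a wrong type, one with an extra field.
const SHAPE = { user: 'string', id: 'number' };
const SAMPLES = {
  good: '{"user":"alice","id":7}',
  code: 'globalThis.evalRan = true, {"user":"x","id":1}',
  wrongType: '{"user":"alice","id":"7"}',
  extra: '{"user":"alice","id":7,"admin":true}',
};

function demo() {
  const out = {};
  for (const [name, text] of Object.entries(SAMPLES)) {
    out[name] = parseUntrusted(text, SHAPE);
  }
  return out;
}

console.log(demo());
```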