As Eric stated in the previous post, there are no new security threats introduced by Ajax. As the XMLHttpRequest object (the core of AJAX) exists since 1999, we can say that the security has been around since 7 years now. And nobody has really complained about it. Some of us have used OWA (Outlook Web Access) and didn't complained about security threats. Well, OWA is using the XMLHttpRequest object and thus AJAX since the beginning.
Here is an exercpt from the book about this topic:
"Internet Explorer is a friendly kind of web browser; which means that is arguably less secure, but more functional. It has a security model based on zones. The four zones are Internet, Local intranet, Trusted sites, and Restricted sites. Each zone has different security settings, which you can change going to Tools | Internet Options | Security. When accessing a web resource, it will be automatically assigned to one of the security zones, and the specific security options will be applied.
) resources, and will ignore completely requests from scripts loaded through HTTP, unless these scripts are signed (these are the default settings that can be changed manually, though). Learn more about signing scripts for Mozilla browsers at http://www.mozilla.org/projects/security/components/
I hope that this answer along with Eric's answer give you an idea on how AJAX is handled in security scenarios.