This is extremely frightening - Greasemonkey allows a malicious site to read any file on your computer! You’re only vulnerable for the sites listed in your included pages, but of course by default this is “*” - every site, unless the author has changed it. I knew there was a reason I never enabled scripts for all sites.

Javascript, ajax, xmlrpc, etc seems like the next ripple in the ever-widening pool of web application security. (How poetic…)

Update: lol, there’s already nomoremonkey apparel. Poor little frowny guy.