More trouble for ThirdVoice, as programmers discover that it opens browser security holes. It is possible to include JavaScript within 3V notes, which can not only display a fake page instead of the real one, it can also harvest passwords. More news at Wired