Users are demanding rich, interactive browser-based applications. Security administrators require these applications be secure on both ends of the wire. Server and systems administrators insist that the application not consume more than its fair share of resources, and network administrators are eyeing up your application and calculating the charge-backs with a gleam in their eye, wringing their hands gleefully while anticipating the probability of funding their next upgrade based solely on the cost of bandwidth needed to deliver your application.
With more data being exchanged at a faster rate, no standards support, immature toolkits and human-readable application logic, AJAX has a plethora of application delivery and security hurdles to overcome. AJAX isn't going away. In fact it's being adopted at an incredible rate by internal developers and ISVs alike, therefore addressing the performance and security concerns of this fledgling technology is necessary sooner rather than later.
The key to a successful deployment is to understand and address the performance and security issues up front, rather than taking a laissez-faire approach to the whole thing and waiting until someone complains or disaster strikes. By understanding the challenges inherent in Web 2.0 technologies like AJAX you can avoid the performance and security pitfalls that may crop up along the way.