Users are demanding rich, interactive browser-based applications. Security administrators require that these applications be secure on both ends of the wire. Server and systems administrators insist that the application not consume more than its fair share of resources. Network administrators, meanwhile, are eyeing your application and calculating the charge-backs with a gleam in their eye, wringing their hands gleefully while anticipating the probability of funding their next upgrade based solely on the cost of the bandwidth needed to deliver your application.
While Web 2.0 technologies like AJAX ("Asynchronous JavaScript and XML") provide the means by which you can satisfy the demands of your users, these emerging technologies can also have far-reaching consequences in terms of security and performance. Advocates of Web 2.0 technologies such as AJAX are fond of pointing out that AJAX requests are typically smaller than their traditional HTML counterparts, but they forget to mention that there are more of them, more often. Developers using JSON ("JavaScript Object Notation") as their protocol of choice to exchange messages between the browser and the server like to claim it is a "fat free" alternative to XML, but in reality the FDA would call them out on that claim. Nor do they mention the security risks inherent in using JSON that aren't present with its XML counterpart.
With more data being exchanged at a faster rate, no standards support, immature toolkits and human-readable application logic, AJAX has a plethora of application delivery and security hurdles to overcome. AJAX isn't going away. In fact, it's being adopted at an incredible rate by internal developers and ISVs alike, so addressing the performance and security concerns of this fledgling technology is necessary sooner rather than later.
The key to a successful deployment is to understand and address the performance and security issues up front, rather than taking a laissez-faire approach to the whole thing and waiting until someone complains or disaster strikes. By understanding the challenges inherent in Web 2.0 technologies like AJAX, you can avoid the performance and security pitfalls that may crop up along the way.