If you spend a little time looking into the online literature for the Cross-Site Request Forgery (CSRF) exploit, you might get the impression that Web 2.0 has opened up an appalling can of security worms. In some ways this is true, but in other respects what we are seeing [...]

Everyone knows about the sharp trade-off that exists when using SSL: You get the security of an encrypted connection but you pay for it with a significant performance hit. Servers work much harder, and pages load much slower. SSL processing consumes about 70% of HTTPS transaction time