CSS problems in pop servers, which then make the whole domain insecure. One can force a web browser to send commands to a POP (mail) server. The POP server of course was never meant to be CSS safe. Time to put a fix in the browser? I've been telling MS for months. Update: Let's call Cross Site Scripting XSS from now on.