Moshe Weitzman wrote:
We learned the hard way with xmlrpc.
Not really. Code that was written by us has had loads of vulnerabilities as well. One might argue that 3rd party code like prototype is likely safer since it has been exposed to more eyeballs.
Not necessarily more eyeballs than xmlrpc. Prototype is a one-man show, as far as the code development goes, just like xmlrpc was. I recently reviewed 5 different JavaScript libraries for implementation of AJAX features. They were all over the map, which to me says that the best practice or common idioms have not been established yet. Would tying Drupal to just one of a variety of competing ideas on how to implement such a library at this point be a good idea? If so, prototype's code is at least brief (not heavy like some libraries I've seen) and clean appearing.