Putting all the server/database exploits aside, the whole client process of pushing a value in and seeing if it breaks will never go away. Web browsers are one of the worst possible tools to secure. The nature of their job seems to predict failure. As soon as some creative web monkey pushes the envelope, another exploit is found. The Gecko and Trident engines can be pushed to break over and over. Chrome and Safari are not any different. You can follow the standards as much as you like. At the end of the day, these tools are reading XML and Script and rendering/compiling. If you consider a browser for what it is, most of them have come a long way. I remember when a harsh sneeze would cause catastrophic failure and crashing =)