My experience traveling over the last decade has, unfortunately, been quite the opposite. Corporate policy and all.

While normally luggage is a bit larger than the dimensions above, the ones above are about the right size to fit on most aircraft. The length of about 21" isn't the problem usually -- it's the other two dimensions. A bag of size 21" x 13" x 7" will fit in the overhead of a Bombardier CRJ200/400/700/900 (fits the long way), which used to be the problem size for me. Gate agents will still insist you tag it for gate check, but the flight attendants usually recognize your bag will fit, if you have one of the models popular with airline crew. I've seen a few rare TravelPro or Tumi bags of small enough dimensions (sorry, don't know models), but the one used more often by pilots (or at least by Delta pilots) and flight attendants in CRJs is the LuggageWorks Stealth 22" 737 Pilot. The "737" in the model name is important to get the right dimensions. It's a little expensive and heavy, but if you travel every week you may also be willing to endure this for a bag that actually fits and doesn't fall apart on you after two or three years of heavy travel like the ones from Target.

As long as he was only using a program to "scrape" and "back up" the data, everything was fine. So it's after he "backs up" the data and takes it with him, when he chooses to "collect" it (you know, when he actually opens a file and views it) without proper "need to know" that there is a problem, right?

Of course the NSA is most definitely not performing mass data collection ... they're choosing to "scrape" and/or "back up" our data.

I haven't heard of this technique actually being used in the wild, but it's enough of a threat to be included in the standard security training everyone has to take for at least a few Fortune 500 companies -- it's why some companies (and the U.S. military, I think) may disable USB ports. Trying to get at potential targets through standard attack vectors may not be effective, so if you have a financial backer this may present a promising attack vector that greedy targets may enable. The book "Security Engineering" cites this web site (had to find via archive.org) where a consulting company found out people inserted the USB sticks under slightly different circumstances: http://web.archive.org/web/20090621014856/http://www.vnunet.com/computing/news/2173365/uk-firms-naive-usb-stick

Shareholders ... good point. I just checked dividend yield for some of these companies. Holy crap! I'm sticking with my prepaid phone w/o data plan, might be buying some stocks to profit off everyone else now. Mua ha ha!

JavaScript is typically used in client-side web programming like you mentioned, but there have been many other applications of it. Since you're a Java programmer, an interesting exercise may be to try and write some JavaScript to run on the JVM. Java 6 includes a customized version of Rhino as a Java Scripting API (JSR223) engine for JavaScript. You can invoke JavaScript from the command line using the jrunscript command that's now part of the JDK. I've been toying around with this just to learn the JavaScript language. Just to warn you, dealing with Java's method overloading and reflection can be painful in JavaScript.