You can always do this kind of stuff with cookies. (Score 1)

In most cases a vulnerability like this will not significantly increase your risk of exploitation as most web sites store passwords in cookies anyway, which are supposed to be readable by javascript from the originating site. If I can run a script on a myspace profile that you visit I can get your password from the cookie that myspcace stores on your machine.