Fukami has published a post to The Web Security Mailing List outlining some risks with Adobe's AIR platform.
I can tell you first hand that these sorts of applications are going to start popping on on many large sites in the next
year….
"In general every file on local file system can be accessed by AIR
apps. This includes reading, writing, appending or deletion as well as
testing for file and directory existence. Another interesting feature
is the possibility to overwrite calling files inside compiled AIR
application during runtime."
Post Link: http://www.webappsec.org/lists/websecurity/archive/2007-07/msg00001.html
