The problems may be entirely due to my paranoia which assumes the host cannot be trusted so communications must be done in such a way that the host gains limited information even when compromised.
That's my goal too!

The front end definitely should be open sourced and flexible, I was thinking more of a reference API built on top of library of core functions. This would allow custom front end by implementing custom top level functions to replace the reference API without the need to change the core functions. The core functions could be hosted on public servers, which reduces the amount of "suspicious" code to be verified to only the custom frontend.
Right, a sort of 3 tier approach: data backend, Javascript core functions, presentation front end.
The presentation tier should allow anyone else to play with the UI without changing the core security.
We might be getting seriously off topic for this sub-board though

Should this go to a development thread? I started the post here as a very general topic that I think is of interest to the community- how does the community move forward with web services they can trust?
But if we can get some like minded developers who also are thinking of this open source in browser concept, lets take it somewhere and start the serious nerd talk
