If you install desktop, iGoogle, dashboard or whatever widgets, be really careful about what they do, especially for things that you give your usernames and passwords to.

For example, this facebook Dashboard widget asks for your facebook username and password, which it uses to fetch a document like this:

http://cjbeauchamp.com/widget/codes/facebook/main.php?email=nicholas@aquarionics.com&pass=[YOURPASSWORDISHERE]

…which it then uses to screen-scrape Facebook for the information it needs. Also, as a side effect, your facebook login is now in a log file on Mr Beauchamp’s server (The weblogs, if nothing else). Now, I’m sure the writer of this is entirely honest and would never do anything with all this information.

But if it’s a shared box? Or someone breaks in? Or what about any other widgets you’ve got installed?

You must be entirely sure about any software you give your usernames and passwords to.