Cross Site Request Forgery

The downside of having a popular web app is that you're more vulnerable to various types of attacks. Jeff Atwood talks about XSRF.

Here's a paper on how to defend against it.