I've never been much on centralized contact managers like Plaxo. Why would I want to outsource all of my contacts to some company in the naïve hope that they won't hose me? Turns out that this may have been a legitimate concern; this describes a trivial script injection attack against Plaxo that lets an attacker 0wn your contact data. Oops. So, if you're using Plaxo, you should probably stop.