You may have heard that Google is hosting a number of Ajax APIs, including jQuery, prototype, script.aculo.us, MooTools and dojo.

Ajaxian actually has a good write-up of the benefits of this hosting. Long story short: Google's servers do caching and gzip compression as good or better than most of us know how to do, plus their web hosting is collocated and fast. On top of that, if we all were to get our sites to use the copy of jQuery on Google, our users will be more likely to have it cached before they ever visit our site.

To get started with jQuery 1.2.6, for example, you could just use this script tag:

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>

For other libraries and library loading techniques, check out the documentation.

All of this is really great, and I plan on using it on production sites in the future.. but can you spot the security hole this creates? How hard would it be for some disgruntled employee of Google to slip a few lines of evil JavaScript onto thousands (millions?) of web pages? Thankfully, Google's reputation is on the line as well, and I surely trust them to protect that!