though vulnerable, couldn't one see that the page changes (refreshes, redirects, any change)? Shouldn't one be suspicious of this, especially on a trusted page? when I tried the test on secunia, I could tell that the page was changed (not because of the content). Could this exploit be made to change faster or in a more subtle fashion? idk, I say the effectiveness of this exploit against a user with a good head on their shoulders is limited. Am I missing something?