There is a complete lack of guidelines for AJAX.  This document will provide a starting point for AJAX security and will hopefully be updated and expanded reasonably often to provide more detailed information about specific frameworks and technologies.

These guidelines have been moved upto OWASP.