Is getting JSON data with jQuery safe?

天涯浪人 2021-02-09 04:30

JSON allows you to retrieve data in multiple formats from an AJAX call. For example:

$.get(sourceUrl, data, callBack, 'json');

could be used

4 Answers
  •  北荒 (OP)
    2021-02-09 04:37

    $.getJSON() is used to execute (rather than using eval) JavaScript code from remote sources (using the JSONP idiom if a callback is specified). When using this method, it is totally up to you to trust the source, because they will have control of your entire page (they can even be sending cookies around).

    From Douglas Crockford's site about The Script Tag Hack (JSONP):

    So the script can access and use its cookies. It can access the originating server using the user's authorization. It can inspect the DOM and the JavaScript global object, and send any information it finds anywhere in the world. The Script Tag Hack is not secure and should be avoided.
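
An added example, not part of the answer above or of jQuery's own code: a small audit helper that tells whether a jQuery "json" request would be loaded as JSONP (a script the remote server controls) or handled as data only. The function names and sample URLs are constructed for illustration, and the placeholder pattern assumes the `callback=?` detection of jQuery 1.x to 3.x.

```javascript
// Placeholder pattern: "=?" followed by "&" or end of string, or "??".
// Assumption: this mirrors the check in the jQuery 1.x-3.x JSONP prefilter.
const RJSONP = /(=)\?(?=&|$)|\?\?/;

// Classify a request by how the response will be consumed.
//   "script-execution": response is run as JavaScript in the page (JSONP / script)
//   "data-only":        response is fetched over XHR and parsed as JSON
// opts.dataType and opts.jsonp correspond to the $.ajax settings of the same name.
function classifyJsonRequest(url, opts = {}) {
  const dataType = String(opts.dataType || "json").toLowerCase();
  if (dataType === "jsonp" || dataType === "script") {
    return "script-execution";
  }
  // With dataType "json", a callback placeholder in the URL promotes the
  // request to JSONP unless the caller sets jsonp: false.
  if (dataType === "json" && opts.jsonp !== false && RJSONP.test(url)) {
    return "script-execution";
  }
  return "data-only";
}

// Data-only handling: JSON.parse builds values and never runs code,
// so a body containing script text is rejected instead of executed.
function parseJsonBody(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample calls (api.example.test is a placeholder host).
const samples = [
  ["https://api.example.test/items?callback=?", {}],
  ["https://api.example.test/items?callback=?", { jsonp: false }],
  ["https://api.example.test/items?id=7", {}],
  ["https://api.example.test/items?id=7", { dataType: "jsonp" }],
];
for (const [url, opts] of samples) {
  console.log(classifyJsonRequest(url, opts), url, JSON.stringify(opts));
}
console.log(parseJsonBody('{"id": 7}'));
console.log(parseJsonBody("alert(document.cookie)"));
```

Requests classified as "script-execution" are the ones where the trust decision described in the answer applies; passing `jsonp: false` or dropping the callback placeholder keeps a "json" request on the parse-only path.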
