An exploit which allowed mischievous people to steal contact lists from GMail users has been patched by Google, after it was discovered that the JavaScript file used to store the lists was the same for every person and could be easily retrieved. While not so much a dangerous security issue since it is nothing more than lists of email addresses, the inherent insecurity in storing data in "predictable" URLs is obvious and something that needed adjusting. This is not the first time a flaw of this nature has been discovered in GMail:
The flaw, similar to previous problems with GMail, was first reported by Googlified. The security bug was introduced through an unannounced feature on Google Video that was designed to allow users' to email clips to their contacts more easily.
Many of the issues are worked around by using a POP email client rather than the web client. Exploitation of this particular flaw would require someone visiting a malicious site, though not much else is required.