This is a truly scary story : David Airey got his domain stolen because of a GMail vulnerability. Short story: it was (seems it's fixed) possible to create filters on Gmail just by visiting a link or, say, loading a hidden frame on a malicious website. Like, create a filter to forward to evilguy@evilhost.com any email containing the word "password"…