The second is a more complex issue. What about the issue of session riding? Can I now make several requests at the same time? How does that effect the security model? Can I do GET DoS more efficiently by only making one request that in fact denotes thousands of calls to CPU or computationally expensive operations or functions? Previously I’ve seen people watch to see if certain objects were downloaded to tell if the user had certain things installed. Well now they are all downloaded at once. So maybe those would fall outside of the bundle and be called individually?
I’m sure there are other hidden issues, but I thought I’d at least throw that idea out to the general public to get the thought out there. Any other hidden issues?