I think Plurk could be risking it. Apparently, they now allow everyone, from sign up, to edit the CSS in their profiles. That’s wonderful for the honest people in the world. However it’s not a good thing for those more malicious.
In Plurk’s Styling Tutorial, they show users how to edit their CSS and even recommends Firebug. That’s fine, until at some point, they show a theme they made, I guess. It’s a good looking theme and all, however, it is troubling that the image for the background is on some external site!