Rey, thanks for getting back to me. The issues were flagged as cross- site scripting, saying a call to getScript, getJSON etc. leaves the door open for unauthorized requests.
Even though we are sure that we could use this safely in an application, we are at the mercy of the scan results. Sorry that I can't share more information. Thanks, Chris
