Open standards always cause security problems and Google's OpenSocial API introduced last week is no exception. Not only was an early application based on the standard hacked within minutes, it quickly became evident that OpenSocial is vulnerable and offers an open door to anyone who wants to put a little effort into pushing it open.
But it is not only OpenSocial's lack of security protection that makes it vulnerable. First, OpenSocial is not an "open" standard at all. It is a proprietary API defined by Google's commercial priorities - including a transparent knee-jerk response to Microsoft taking a stake in the acknowledged market leader Facebook. The history of IT is littered with unsuccessful attempts to promote proprietary standards as "open" (just look at IBM with SNA and SAA).
Second, there is already a genuine open standard (Openquabal) - supposedly designed to do the same things as the OpenSocial API. Unfortunately Openquabal does not have the backing of a predatory multinational corporation so it will probably fall by the wayside.
Then again, large corporations spent most of the 1980s and 1990s bickering about common networking standards only to be outflanked by a 30-year old academic standard devised by the US Department of Defence. It was called ARPANET.®