From Steve's editorial:
look for potential hacking issues, like updating all of your lookup values to the same string, or embedding script tags in your data.
Can anyone elaborate on either of Steve's two suggestions? I don't understand what either of these ideas mean. I'm hoping that it's obvious after someone explains them but at this point I'm clueless. Any links perhaps?