Yes. Putting untrusted web widgets on a web page is risky, because the Javascript in the widget can read the web page and send that information back to the developer of the widget. This is called Cross Site Scripting, and it's the one of the key reasons that blog, start page and social networking systems are increasingly restricting the use of JavaScript (a key widget technology) in their systems. Widgetbox provides an iframe-based security layer around widgets that prevents XSS attacks.