I'd actually confirm what you're saying, Harlan. I know a few friends who had their Gmail accounts hacked this past weekend and messages were sent on their behalf. What if those messages seemed legit and had links to spyware that people loaded onto their machines unknowingly...at work?

The upshot of all of this discussion: we need a massive public education campaign about operating securely on the Web - including public servants and the public they serve.