1. "Ambient authorization" aka cross-site request forgery.