[Greasemonkey] Bait and switch script installation

[Alex Thomson]

Like most people, when I look at a user script and then go
tools/Install user script, I expect the script that's installed to be
the one I just saw.  However, since GM re-downloads the script when
you click Install, this isn't necessarily the case.

Via mod_rewrite, http://example.com/script.user.js can return anything
it wants, and not necessarily what it returned to you the last time
you viewed the page.  This is a security risk, no?

-Alex Thomson