My own paranoid thinking is why I put all of the changes into an external CSS file instead of in the JS itself :)
Greasemonkey only loads the javascript from the remote server the first time when you install it, giving you a chance to audit the code before installation. Future js changes will not affect you unless you reinstalled the script.
You are viewing a single comment's thread from:
I haven't really messed around with Greasemonkey, good to know that's how it works.
Still, I can imagine somebody doing something like this, waiting until it got a lot of upvotes and people saying it worked great and looked safe, then changing the js so any new people install sketchy javascript...
I've updated the post and theme to do what I can do address this. If you or anybody can think of a better, more secure way to do this I'm open to suggestions :)