Here's a new release from Google Code that I'm really getting into - the online Browser Security Handbook.
This document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers. Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.
Although all browsers implement roughly the same set of baseline features, there is relatively little standardization - or conformance to standards - when it comes to many of the less apparent implementation details. Furthermore, vendors routinely introduce proprietary tweaks or improvements that may interfere with existing features in non-obvious ways, and seldom provide a detailed discussion of potential problems.
Reading information like this makes me feel like my friends when they set their browser to disable third party cookies for the first time and they start seeing dozens of cookie requests as they browse. They had no idea how much gets placed on their computer much like I'm about to be saying "I had no idea" while reading that.