My quick read is that the code they gave you earlier allows anyone capable of writing a cookie to execute arbitrary JS code against anyone who loads a page with the affected Javascript on it. It is 3 AM, though, so don't trust me on that read.
This class of mistake is very easy to make any time you have a paradigm which revolves around using eval(), and document.writeln() is eval() for all intents and purposes.
I kind of prefer doing my A/B testing server side, where I have the usual guarantee about the safety of all code I choose to execute. This isn't the best reason to abandon GWO -- not by a long shot -- but it is an added bonus.
You just enter the URL of the page in question, and it will tell you whether the google website optimizer code is up-to-date, and if it needs to be edited, it will tell you what to change and where to change it.
This class of mistake is very easy to make any time you have a paradigm which revolves around using eval(), and document.writeln() is eval() for all intents and purposes.
I kind of prefer doing my A/B testing server side, where I have the usual guarantee about the safety of all code I choose to execute. This isn't the best reason to abandon GWO -- not by a long shot -- but it is an added bonus.