This image was lost some time after publication.

SecTheory CEO Robert "RSnake" Hansen, a security consultant — and therefore a professional fearmongerer — for clients like Microsoft and eBay, says computer fraudsters can insert malicious JavaScript and HTML into Google Gadgets — widgets for Google's customized iGoogle homepage. Google doesn't screen the widgets for this code, he claims, and so users put themselves at risk of data theft and computer-killing worms. "Google cares more about tracking users than they do about consumer safety," Hansen told an audience at a convention yesterday.Hansen has a long, adversarial history with Google, going back at least four years to when he warned Google, eBay, DoubleClick and Visa of a vulnerability being used by "phishers," fraudsters who create fake emails and websites to look like trustworthy domains in order to steal user data. eBay, DoubleClick and Visa fixed the problem within weeks. Hansen says Google still hasn't. Or perhaps it simply hasn't agreed to pay Hansen's consulting fee — think it's a coincidence that eBay's now a customer of his? — and he's just playing hardball. Either way, careful where you get your widgets — and your security advice.