A note on security

With anything on the net, you should only be running code from a trusted source. All sorts of nasty things can happen just by visiting a scammer's website (XSS+phishing combo attacks and such). Obviously COWS Ajax introduces another layer of concern, but it can be mitigated by running tools/apps from trusted sources only. If someone has a vested interest in offering a tool, then that should reduce the odds of a scam. There's a wealth to be gained from 3rd parties... just be smart about which one you bet on ;-)

Should you use code from Osama’s Death-to-America Phishing Emporium? I’d suggest "no". However, people install the dynamically created JavaScript for Google Adsense and Google Analytics all the time for a reason. Your browser can't protect you if you are including the Google Analytics JavaScript and they change their motto from "Do no evil." to "Yeah, let's do evil as often as we possibly can". At its core, that's the only security concern about COWS Ajax too (granted, it can mask things more easily). Clearly it’s a matter of "who do you trust?" Can you know anything with 100% certainty? Obviously not (you know, that Descartes' Evil Genius notion). But you can make reasonable assumptions, and those are certainly bolstered if the script in question has a plausible reason for you wanting to run it.