Any domain cookies for .bigheadlabs.com are vulnerable, which could be a real problem (WordPress admin maybe?).
Domains are so cheap now that I almost always buy one for every project (even hacks) these days, partially just to isolate potential XSS issues.
I didn't mean to imply anything disparaging towards you; this kind of annoying stuff pops up even at Google. It's so easy to miss a spot, especially on quick hacks.
Thanks for creating that site, it's an awesome contribution.