Ahhh, gotcha. When we had the last gallery at SP someone was able to use a hole in it to craft a url to grb my cookie. He then logged in as me and posted in the Admin section what he had done. Luckily, he was not a malicious user. He works with a group of individuals who go around and exploit things like this to let Administrators know how serious it is. He told me what allowed him to do it and explained it all to me. He asked me where I got the gallery so he could contact the maker. That was when we took the gallery down. We dodged a bullet that time. He could have really caused some problems.