Indie-Resource.com

Opera's Dragonfly will make short work of that

whoa didn't know that, thanks for the heads up!

Naturally, you still have to check your data on the server side, and it would be foolish not to. But there are a couple of extremely powerful Javascript obfuscators that you can purchase licenses for. All of the ones that do it for you in the browser are crap, and can easily be broken (most of them are just converting characters to hex).

For an example of high-powered obfuscated code, if you have a GMail account, log in to your mail box and then choose "View Source". It doesn't look remotely like Javascript, and it is going to be uncrackable for 99.99% of the population, and the other 0.01% is going to have to be highly motivated to spend the months or years trying to figure anything out about it (they will have to understand every nook and cranny of the Javascript engine, and will likely have had to have built one themselves). There are no programs to simply load it back in to to get the source back out. .NET and Java obfuscators are still stronger, definitely, but there are JS solutions which can lock everyone out of your code almost completely. Obviously the largest AJAX and JS-powered sites in the world feel it is a good option.

However, as I stated before (and as you said, Chris), there is never an excuse for not validating on the server. Outside of your code, anyone could manipulate packets to send your server whatever they want.