"It begins when you visit a malicious site while logged into Gmail. "

Hoping tools like his will avoid the problem:

Just started using fluid (OS X; free) http://fluidapp.com/ There is also http://mailplaneapp.com/ (OS X; trial ware) which looks promising.

There is a little problem with Fluid it seems: it shares my Google session with Safari. So, if I'm logged in in one, I'm logged in in the other.

So, that doesn't help at all for the problem at hands...

As far as I'm concerned, I try to use Firefox for Gmail only and Safari for the rest.

There has not been any official proof that a security hole in Gmail is still the weak link here. The proof of concept I saw about how one would inject filters into Gmail after they patched up the previous security hole was pretty flimsy.

Makes me wonder, are any other email services besides gmail open to this exploit?