- they’re (still) used; a lot of publishers who don’t have established accreditation processes simply stick tags in their pages at the location where they expect ads to appear, without providing DIVs to anchor onto, nor IFRAMEs. Sad but true.

- IFRAMEs, while great, don’t unilaterally prevent third-parties from touching the publisher’s DOM. In particular, when dealing with lots of implementations of expandable units delivered within IFRAMEs, you gotta have a way of busting out of the IFRAME on expand, and that implies having a mechanism to play with the IFRAME parent’s DOM (i.e., the publisher DOM).

In general, I think that there is an implicit trust relationship between publishers and their direct advertisers. Ad units delivered through generic third-party ad network tags are a different story, but those are rarely rich units anyway and can likely safely be isolated in IFRAMEs.

This trust relationship, it’s worth mentioning, exists between publishers and other “service providers” too, so it’s not reserved solely to advertising. For example, if I stick del.icio.us’ mp3 player tag code in my page, I’m theoretically opening myself up to the possibility of a compromise of del.icio.us affecting my site as well.

Thanks for the post… I’ll be watching for additional insights.

Interesting, though – I believe Google’s implementation might make one of the standard ways to protect pubishers, wrapping ads in an IFRAME, unable to work, since the tag in the body is dependent on the tag in the head.

So I wonder if they’re going to start pushing an open toolkit for rich ad unit production for implementation within ad manager.

Personally I think I still see the whole Google Ad Manager thing as a potentially gross conflict of interest for established publishers.