@rnd_me Jul 12.2011 — you can steal the ciphering function from http://danml.com/pub/crypto.htm, but you'll still have to get the user the key somehow, which makes it difficult to use for public sites.
if you distribute a big key on a thumb drive, it's pretty safe...
It's a better bet to simply use https for both your ajax and html page urls. If you use https for just the json, you won't be able to use ajax, and there will be an annoying security "mixed zone" warning.
@svidgen Jul 13.2011 — You can certainly obfuscate and even encrypt messages/JSON/XML. You can even obfuscate the code that de-obfuscates the message. But ultimately, the end-user needs to possess the code that knows how to read the message. So, it's a little silly to encrypt it ... unless your intent is to keep it from staying unencrypted in cache.
If the intent is to keep a user's private data out of the cache (say, if you're concerned about folks using your app at the public library), this request is a little less silly. But, if you're trying to keep client-side code, an algorithm, or a messaging format protected, you're likely just wasting your time.