I''ve found a secuirty issue with the proxy implementation of find_with_xapian in the acts_as_xapian plugin. I''ve documented it over at the acts_as_xapian Google Group (http://groups.google.com/group/ acts_as_xapian/browse_thread/thread/8bc8da3275985383) but since that group is pretty low traffic I thought it would be a good idea to let people know about it here too just in case they''re using aax but don''t know about it yet. Dale