The system isn’t email only. It records the errors to our system. DamnIT provides limited project management functionality. You can mark errors as accepted, in progress, or closed. It will also show you your most common errors.

Sensitive information is an important issue. Although the information being sent to us is safe (sent via https). You basically hand us the keys to your website as we can execute JavaScript on your website and do anything the user can do.

DamnIT and any other remotely loaded JavaScript (google analytics) shouldn’t be used unless trust the vendor completely.

Another security issue is that your html content is saved on our machines. If we were evil (we aren’t) we could read it. However, it’s save from everyone else.

You’re correct about our future plans with DamnIT. In the very short term, we are going to building something like SubSpace (http://www2007.org/program/paper.php?id=801) to prevent cross site scripting attacks. We will also provide an option not to save the HTML content on our server.

Eventually, there will be a non-central version of DamnIT that people can download and install on their own. This will avoid all the security issues and perform better because it won’t have to be cross domain.