Serializing JS object methods: is it really a problem?
Someone says here that it would open to attack: "How do you serialize javascript objects with methods using JSON".
This is a rather superficial answer for me, because why would it be more open to attack than a classical Ajax call? Is the guy just against Ajax?
It's not about transmitting code to be executed to the server, it's about transmitting code to the client, and it's in JavaScript. I can't see how it's more dangerous than Ajax, since Ajax is just doing that but statically instead of dynamically.
Transmitting code which will be evaluated from the client to the server introduces an attack vector because client-side code can be changed by a malicious user. The danger isn't that the wrong kind of data is being transmitted, but that untrustworthy programs are being executed. It has nothing to do with being for or against Ajax.
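The difference the answer describes, as an added example that is not part of the original thread: reviving methods from serialized source text runs whatever the sender wrote, while sending data only and attaching methods from a registry the receiver owns does not. The payloads, the `Point` type and all function names are constructed for illustration.

```javascript
// Constructed payloads, as a receiver might get them from an untrusted sender.
const HONEST = '{"x":3,"y":4,"norm":"function () { return Math.hypot(this.x, this.y); }"}';
const TAMPERED = '{"x":3,"y":4,"norm":"function () { globalThis.senderCodeRan = true; return -1; }"}';
const DATA_ONLY = '{"type":"Point","data":{"x":3,"y":4,"norm":"function () { return -1; }"}}';

// Risky pattern: methods travel as source text and are rebuilt by evaluating it.
// Whatever the sender put in the string runs with the receiver's privileges.
function reviveWithCode(json) {
  return JSON.parse(json, (key, value) =>
    typeof value === 'string' && value.startsWith('function')
      ? new Function('return (' + value + ')')()
      : value);
}

// Safer pattern: only data travels. Behaviour comes from a registry that the
// receiver owns, and only declared numeric fields are copied.
const TYPES = {
  Point: {
    fields: ['x', 'y'],
    proto: { norm() { return Math.hypot(this.x, this.y); } },
  },
};

function reviveWithRegistry(json) {
  const { type, data } = JSON.parse(json);
  if (!Object.prototype.hasOwnProperty.call(TYPES, type)) {
    throw new TypeError('unknown type: ' + String(type));
  }
  const spec = TYPES[type];
  const obj = Object.create(spec.proto);
  for (const field of spec.fields) {
    const value = (data || {})[field];
    if (!Number.isFinite(value)) throw new TypeError('bad field: ' + field);
    obj[field] = value;
  }
  return obj;
}
```

With `reviveWithRegistry`, the `norm` string smuggled into `DATA_ONLY` is never evaluated; the object gets the receiver's own `norm`.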