true, but i figure if i stick to mostly known sites that should keep risk at a minimum.
plus, i got NoScript in use which i imagine helps a bit there since a lot of the side stuff on plenty of websites don't load when that's running as i only allow what i need to allow for a site to function well enough.
That's were most of the exploits come from. Hacked "Known" sites. Even TWIT.TV was serving out malware at one point.