The discussions about the security concerns of JSON coming up again. Are you looking for alternatives ?
I am not used to advertise for my web site but there is an alternative cross browser solution available since 2005. It's robust code and it's running inside many web applications on Java and ASP.NET.
- standard web services on the server.
- SOAP (XML) used on the network.
- AJAXEngine layer that solves the typical timing problems.
- No eval() !!! - no evil from eval !!!
One approach for multiple platforms.
By using the standard protocol on the server side you don't need to incorporate any special new interfaces for you AJAX solutions and take the full advantage to the stable and secured server ports.
Have a look at http://www.mathertel.de/AjaxEngine/
It's Open Source using a BSD style license and available on http://sourceforge.net/projects/ajaxengine/