I just attended Mark Jaquith's excellent talk on secure plugin development at WordCamp NYC. He mentioned that when calling a ajax processing script we should not use...
...because it prevents people from moving the config.php file out of the root WP directory. I can't remember what to use instead though. Anyone?