With all the cross-site scripting bugs in Google, I'm surprised our blog (hosted by Google's Blogspot) hasn't been defaced yet.
One way to protect against this is to open separate instances of Firefox, one for Google, and one without Google. This allows you to have GMail up on a separate windows on your desktop, but without the danger of XSS bugs crossing over and hijacking the GMail session.
In order for this, you need to take advantage of Firefox profiles. You need to create two scripts, one that launches the existing "default" profile, and one that launches a "gmail" profile. The following is the script for Windows that launches the "default" profile, just change "default" to "gmail" for the second script.
You need to now launch Firefox using these scripts, because launching it normally will just use whichever of the two profiles you used last.
var shell = WScript.CreateObject("WScript.Shell");
var env = shell.Environment("User");
var installpath = shell.RegRead("HKLM\\SOFTWARE\\Clients\\StartMenuInternet\\FIREFOX.EXE\\shell\\open\\command\\");
env("MOZ_NO_REMOTE") = 1;
shell.Exec(installpath + ' -P "default"');
env("MOZ_NO_REMOTE") = 0;