The T-Mobile only hit the market this week and already a security flaw has been found in the Google Android browser. The flaw could allow a site to install software unbeknownst to the user. For example, a keystroke logger could be used to capture personal information such as passwords.
Google confirmed the issue and has already fixed it in the open-source version of Google Android and is working with T-Mobile and HTC to fix it for the G1. Given that the G1 supports OTA updates, T-Mobile should be able to push the update out to users as soon as it is ready.
Google also suggested that the damage of such a vulnerability would be limited to some degree by the software compartmentalization used in the Google operating system. I suspect that this is but cold comfort to anyone whose personal information could be stolen by this vulnerability.