There’s something of a tempest about security over on the Greasemonkey list. Turns out all of the GM_* API functions are available to potentially malicious code on any website where a script is called (this is bad). Stopgap measures:

1. disable all scripts which are called for any page,
2. download and install this neutered version of Greasemonkey which removes all the GM_* functions (many scripts will break), or
3. uninstall or disable Greasemonkey.

Personally, I feel that last one may be a bit of an overreaction. Hopefully, this will be fixed very soon (these folks are brilliant), but now that the vulnerability has been exposed, you can rest assured someone will waste no time taking advantage of it.