> Does anyone know how often JS is used to grab someone's IP address even
if they are using a proxy?
Not with JavaScript (all browsers exept IE).
Possible with JScript (IE 5.0 and higher) using it as a transport to
VBScript over
execScript().
*But* only if user is stupid enough to click Yes on "this page contains
potentially dangerous content".
If you move security settings to High, when nothing to worry about at
all (popup will not appear, script not executed). Lesser users take
security decisions - better for company :-)