Nicely done script. BTW, setInterval(A,5) works as well.
http://developer.mozilla.org/en/docs/DO ... etInterval
Zomis: yes, JavaScript can be executed that way. Even more cool is that "javascript:" urls can even be bookmarked to make "bookmarklets" which can be executed on pages to do some coolness. (For example, if you bookmark the script above, you can then execute it on any page.) "Greasemonkey" firefox extension elevates this concept even further.
And no, this is not a security hole, because the user has to type the URL in (or click on the link) anyway. However, lately there's another, related type of attack: XSS (Cross-site scripting). If phpBB had a security hole, I could insert a "script" tag inside this post, which would run the script inside it every time the post is shown. The script could consist of these steps: 1. open profile of currently logged-in user in background. 2. get his password, change his password, steal some data, make fake posts, etc. (whatever I wish). 3. send information (e.g. passwords) to intruder's server. 4. make more (fake) posts that contain the script so it spreads further.