My event calendar was accepted for submission to the directory, and I am very glad that happened! Infact a google employee directly emailed me and asked me to submit it to the directory and it appeared within a day of doing so.

That said, I find it hard to believe the modules in the directory created by users are not copied and hosted on your servers. Now my personal bandwidth is being used by who knows how many people that are attempting to add my module to their personalized homepage. I am a poor college student who likes to pay as little for my personal web hosting as possible (hence why I use nearlyfreespeech.net, who charges for what you use.)

Furthermore, have you considered the security ramifications here? You're pointing users to xml files hosted by other individuals. What safety measures do you take to tell that those xml files for user created modules are not modified after you have added them to the directory? Someone could then modify their inline module to be of type url and start using some malicious code to exploit the latest and greatest browser flaws. Do you want that to be happening on peoples personalized Google homepage?

I would assume that you would have considered this, but nowhere is it stated in any FAQ's about how this is handled. Nor is there any information as such given to developers who submit their modules. All there is is a little string that says something along the lines, thanks for submitting your module.

Do us a favor and give us a little bit of insight on this matter, please.