I was on this Mobile Reviews - O2 page just now, when I noticed firefox showing it was trying to contact 127.0.0.1, that for those who don’t know, is a special IP address which points to ‘localhost’, i.e. the client computer which is viewing the page. the line is question is:

< script language='javascript' src='http://127.0.0.1:1030/js.cgi?ca&r=4675'>script>

It appears as if this o2.co.uk page is trying to connect to port 1030 on the user’s computer and request a javascript file. This is vary strange and I presume (in good faith) that this is a mistake, but o2 should not have this on their website, people do not expect a website like this to be contacting an obscure port on the local computer.
O2 have had much worse security issues in the past (as reported on jibble.org)

Ask Yahoo! - Best of 2005

The link above goes to the ‘Best of 2005′ page. Only just found this site, but seems useful for future work avoidance.