I have yet to see an example of pure JavaScript code that can read an end-user's IP address. Any code I've seen returns either "localhost" or "127.0.0.1".
That's kind of the conclusion I've reached, though I'm far from an expert. So, if it can't read the IP, why is it a security risk? Because of cookies?
