It looks like (based on myspace's investigation on the apache.org 404'ing issue) that some anti-phishing tools are taking the javascript src tag in javadoc a little to seriously and actually pinging the url.
if that's the case (and we should know for sure end of week), we should probably seriously consider removing it from our javascript code too, don't want this reproducing any further. Interesting problem btw, never would've expected that as the source for that issue
