What is the meaning of this security alert?

I ran Fiddler under the browser (Google Chrome) and I have Watcher installed in Fiddler. It alerted to:
Watcher Security Report

The following issues were automatically identified by the Watcher security plugin for Fiddler.

Cookie's HTTPOnly flag was not set

Cookie’s HTTPOnly flag was not set
risk Medium
http://europa.buienradar.nl/images.aspx?jaar=-3&bliksem=0&voor=&soort=laatstebeeld&id=10870

What is this?

polonus

HttpOnly cookies are a great idea, and properly implemented, make huge classes of common XSS attacks much harder to pull off.
HttpOnly cookies can in fact be remarkably effective. Here's what we know:

HttpOnly restricts all access to document.cookie in IE7, Firefox 3, and Opera 9.5 (unsure about Safari)
HttpOnly removes cookie information from the response headers in XMLHttpObject.getAllResponseHeaders() in IE7. It should do the same thing in Firefox, but it doesn’t, because there’s a bug.
XMLHttpObjects may only be submitted to the domain they originated from, so there is no cross-domain posting of the cookies.
The big security hole, as alluded to above, is that Firefox (and presumably Opera) allow access to the headers through XMLHttpObject. So you could make a trivial JavaScript call back to the local server, get the headers out of the string, and then post that back to an external domain. Not as easy as document.cookie, but hardly a feat of software engineering.


Quotes from Jeff Atwood on Coding Horror
So what is Google Chrome's policy here? → http://www.browserscope.org/?category=security
The fact is that the risk is not from my browser as user agent, but from a Vista Sidebar Gadget: meteox, see link in initial posting.
So this indicates that Sidebar is vulnerable to XSS attacks, and MS was right in questioning the security of Sidebar and the discontinuing thereof.
Could there be tampering of data on a low level?

polonus
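
What a passive check of the kind reported above looks for, as an added example that is not part of the original posts and is not Watcher's own code: it reads each Set-Cookie response header and reports cookies whose attribute list lacks HttpOnly. The header values and cookie names are constructed samples, and the function names are hypothetical.

```python
# Constructed sample response headers (not captured from the site in the thread).
SAMPLE_HEADERS = [
    ("Content-Type", "image/png"),
    ("Set-Cookie", "session=abc123; path=/"),
    ("set-cookie", "prefs=lang=nl; Path=/; HttpOnly; Secure"),
    ("Set-Cookie", "note=HttpOnly; Path=/"),         # value only looks like the flag
    ("Set-Cookie", "tracker=42; path=/; httponly"),  # attribute names are case-insensitive
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    # The first part is always name=value; the cookie value is never an attribute.
    name = parts[0].split("=", 1)[0].strip()
    # Everything after it is an attribute, optionally with its own value.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_httponly(headers):
    """Return the names of cookies that were set without the HttpOnly attribute."""
    missing = []
    for header, value in headers:
        # Header names are case-insensitive, and a response may carry several
        # Set-Cookie headers, one per cookie.
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if "httponly" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for name in cookies_missing_httponly(SAMPLE_HEADERS):
        print(f"Cookie's HttpOnly flag was not set: {name}")
```

A cookie reported here is one that script running in the page can read through document.cookie; adding the HttpOnly attribute on the server side clears the alert.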