I just read a great article on Cross Site Reference Forgery, specifically related to how Rails 2.0 handles it. I think it is a must read for all rails developers. It gives a very clear description of the potential vulnerability, which I think is important to understand
I recently upgraded some apps to Rails 2.0 from Rails 1.2.4 (more on that in another post) and this was one of the main reasons.
