Scripts running on a given web site are not allowed to see the contents of variables on other sites, and should not be able to check for their existence. This policy was not correctly implemented for the "in" operator, allowing web sites to check for the existence of variables on sites from other domains. Their contents could not be read, but their existence may reveal limited information such as logged-in state.
Opera Software has released Opera 11.60, where this issue has been fixed.
Thanks to David Bloom for reporting this issue to Opera Software.