It may be a while before this hits mainstream, but watch out if it ever does.
For those of you who haven't seen the buzz, Greasemonkey is a Firefox extension that allows users to add DHTML capability to given web pages. Inspired by Google's AutoLink feature the script basically gives users the capacity to change the content of web pages on the fly - not the text so much (though the 'Michael Jackson remover' is sure to be a hit with news readers tired of that sort of pap) as the code that controls the page display.
Naturally, the first thing to go were the ads. User scripts stripping ads from popular sites - including About.com, BoingBoing, Feedburner (in Bloglines), CNN, the list goes on - can be found on the Greasemonkey user scripts page. The New York Times will want to take a closer look - there's a script that plays around with the HTTP_REFERER, essentially allowing readers to view articles without logging in. Another script automatically grants the user a Salon day pass. Flickr - which uses Flash to control image downloads - is now Flash-free. Another script provides annotation to Google results showing the del.icio.us tags. Another script allows links to be rated; another looks up citations.
There is a Greasemonkey blog (naturally). Discussion has turned to the malicious uses of Greasemonkey - for example, to steal cookies or launch DDOS attacks.
The reasons commercial sites should be concerned about this development are obvious, I think. But rather than launch a Greasemonkey coding war I think the better approach is to think about what happens when your web page becomes the host for any number of foreign scripts. I don't have any quick answers here - but the bottom line, I think, is that your readers have suddenly become a whole lot more powerful. Or will become more powerful, as I say, should something like Greasemonkey ever become mainstream. Which - one day - it will.