Great blog post about CSRF and whether it is a big deal or not.
You have to read this and then read all the comments. Great feedback plus back-and-forth by folks in the field. The important thing is to keep this topic and others in our minds, and share the knowledge with other developers. Only you can prevent forest fires... wait, I mean, web attacks.