A serious… no, make that critical flaw has been discovered in Greasemonkey that allows an
attacker unfettered access to your system. From the Mozilla discussion thread:
"But wait, it gets worse. An attacker doesn't even need to know the exact filename, since "GET"ting a URL like
"file:///c:/" will return a parseable directory listing. (And Mac users don't get to gloat either; you're just as
vulnerable, starting with a different root URL.) In other words, running a Greasemonkey script on a site can expose the
contents of every file on your local hard drive to that site.
Running a Greasemonkey script with "@include *" (which, BTW, is the default if no parameter is specified) can expose
the contents of every file on your local hard drive to every site you visit. And, because GM_xmlhttpRequest can use
POST as well as GET, an attacker can quietly send this information anywhere in the world."
Yikes! Uninstall it… now.
UPDATE: If you gotta have it, a "neutered" version is available until a permanent fix is developed.
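
The quoted thread points out that a script with no @include line behaves as if it had "@include *", which widens the exposure to every site you visit. The audit below is an added example, not code from the original post or from Greasemonkey: it reads each script's metadata block and reports which scripts run everywhere. The function names, the sample scripts and the set of patterns treated as catch-all are assumptions made for illustration.

```javascript
// Added example (not Greasemonkey code). Sample scripts are constructed.

// Collect @include / @exclude values from the ==UserScript== metadata block.
function parseMetadata(source) {
  const meta = { include: [], exclude: [] };
  const block = /\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/.exec(source);
  if (!block) return meta;
  for (const line of block[1].split(/\r?\n/)) {
    const m = /^\s*\/\/\s*@(include|exclude)\s+(\S+)/.exec(line);
    if (m) meta[m[1]].push(m[2]);
  }
  return meta;
}

// Assumption: patterns such as "*", "http://*" or "*://*/*" match every site.
function isCatchAll(pattern) {
  return /^(\*+|[a-z*]+:\/\/\*(\/\*)?)$/i.test(pattern);
}

// Report where a script runs, applying the default the thread mentions:
// no @include line means "@include *".
function auditScript(name, source) {
  const meta = parseMetadata(source);
  const defaulted = meta.include.length === 0;
  const includes = defaulted ? ['*'] : meta.include;
  const everySite = includes.some(isCatchAll);
  return { name, includes, excludes: meta.exclude, defaulted, everySite };
}

// Audit a set of installed scripts; widest exposure first.
function auditAll(scripts) {
  return Object.entries(scripts)
    .map(([name, src]) => auditScript(name, src))
    .sort((a, b) => Number(b.everySite) - Number(a.everySite));
}

// Constructed sample scripts.
const SAMPLES = {
  'scoped.user.js': '// ==UserScript==\n// @name Scoped\n// @include http://example.com/*\n// ==/UserScript==\n',
  'explicit.user.js': '// ==UserScript==\n// @name Wide\n// @include *\n// ==/UserScript==\n',
  'implicit.user.js': '// ==UserScript==\n// @name NoInclude\n// ==/UserScript==\n',
};

for (const r of auditAll(SAMPLES)) {
  console.log(`${r.name}: ${r.everySite ? 'EVERY SITE' : r.includes.join(', ')}` +
    (r.defaulted ? ' (no @include, default applies)' : ''));
}
```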








1. Great info! Thank you.
From Argentina, Ignacio.
Posted at 6:20AM on Dec 19th 2005 by IgnacioMarcos