For example, I notice they are loading external Javascript files from Googles servers.. Isn't external Javascript a very very bad thing to do on such a site?
I had been using
http://www.changedetection.com to monitor the site and then manually verify and post an OK on the BitAddress forum thread. Sure, that's not foolproof since if the site were compromised and spits out a compromised page let's say for 1 out of 10 requests, the chances are very low I'ld know for some time (i.e., a 10% chance of detecting it, 90% chance the attacker would get away with it -- for at least one day.)
Here are the steps I follow:
-
http://bitcoin.stackexchange.com/a/9115/153