It would be handy if you could specify a default datasource name in the cfapplication tag, or Application.cfc, and then omit the datasource attribute in the cfquery tag.

ColdFusion MX 7 has a new feature that lets you "lets you protect one or more variable scopes from cross site scripting (XSS) attacks". It can be turned on in the cfapplication tag using the scriptProtect attribute, or in the ColdFusion Administrator as a global setting.