(edited as I realised something else)

Note that if you use an IFRAME or OBJECT to directly include sl.php, IE will (with good reason) warn the user about it under default security settings. This is because there are cross-site scripting issues involved (similar tricks are used to steal login information).

This has only been tested with IE here, YMMV.