Saturday, December 16, 2006

CSRF in iChat

A year ago or so I discovered that iChat shares not only the rendering engine but also the cookie manager with Safari. So you can CSRF someone over at least AIM (I don't know whether other protocols support HTML as well) by sending them an HTML message. The HTML message can contain an img tag, and thus execute a CSRF.

Since a friend of mine reported this bug when I found it, and they still haven't fixed it, it seemed like the time to publish it. I also wonder whether other clients share this problem (for instance Windows clients using the MSIE rendering engine).
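What this looks like from the web application's side, as an added example that is not part of the original post: an image load from the chat window is a GET that carries the shared jar's session cookie and nothing else, so a handler that trusts the cookie alone accepts it, while one that requires POST plus a session-bound token does not. The session table, cookie name, `csrf_token` field and function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed)
SESSIONS = {"sid-alice": "alice"}      # constructed session table

def csrf_token(session_id: str) -> str:
    """Token bound to the session; only pages served by the site embed it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle(method, cookies, form=None, hardened=True):
    """Decide on a state-changing request; returns (HTTP status, user)."""
    user = SESSIONS.get(cookies.get("session", ""))
    if user is None:
        return 401, None
    if not hardened:
        return 200, user               # cookie alone authorises the change
    if method != "POST":
        return 405, None               # image loads are always GET
    token = (form or {}).get("csrf_token", "")
    if not hmac.compare_digest(token, csrf_token(cookies["session"])):
        return 403, None               # cross-site sender cannot know the token
    return 200, user

def image_fetch(jar, hardened):
    # Request shape produced when a renderer that shares the browser's
    # cookie jar loads an image: GET, cookies attached, no form body.
    return handle("GET", dict(jar), None, hardened)

def form_post(jar, hardened):
    # Request shape produced by the site's own form, which carries the token.
    form = {"csrf_token": csrf_token(jar["session"])}
    return handle("POST", dict(jar), form, hardened)

if __name__ == "__main__":
    jar = {"session": "sid-alice"}     # browser login, visible to the chat renderer
    print("cookie-only handler, image fetch:", image_fetch(jar, hardened=False))
    print("hardened handler, image fetch:   ", image_fetch(jar, hardened=True))
    print("hardened handler, own form:      ", form_post(jar, hardened=True))
```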

