Basically, if you have a single page anywhere on your domain that doesn't run the script, a malicious site could load up window.name with something nasty and then send the user to that page - if they then followed a link to a page that did execute the script the malicious code would be executed as an XSS attack.
I don't understand the value of this library. For non-SSL static files, the usual techniques apply: long-term expires headers, gzip compression, combining multiple scripts, CDN, etc. For SSL content, IE7 and FF3 will use disk caching for static files if cache-control is public (FF2 requires a configuration change). Is there a use for this I'm missing?
Basically, if you have a single page anywhere on your domain that doesn't run the script, a malicious site could load up window.name with something nasty and then send the user to that page - if they then followed a link to a page that did execute the script the malicious code would be executed as an XSS attack.