Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 14722)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -1106,6 +1106,7 @@
 case 'menu-locations-save':
 	if ( ! current_user_can( 'edit_theme_options' ) )
 		die('-1');
+	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
 	if ( ! isset( $_POST['menu-locations' ] ) )
 		die('0');
 	set_theme_mod( 'nav_menu_locations', $_POST['menu-locations'] );
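Review bot: The value passed to `set_theme_mod()` on the last line is still the raw `$_POST['menu-locations']`; the added nonce check stops forged requests, but whatever shape of data an authorised session sends is persisted into the theme mods as-is. Require an array and normalise the menu IDs before saving, e.g. `if ( ! isset( $_POST['menu-locations'] ) || ! is_array( $_POST['menu-locations'] ) ) die('0');` followed by `set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) );`. The nonce action `'add-menu_item'` also appears to be borrowed from the add-item request, so the token is not scoped to saving locations; a dedicated action would be tighter if the form can emit one. The case body continues past the end of the hunk.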
Index: wp-admin/js/nav-menu.dev.js
===================================================================
--- wp-admin/js/nav-menu.dev.js	(revision 14722)
+++ wp-admin/js/nav-menu.dev.js	(working copy)
@@ -34,6 +34,7 @@
 			this.setupInputWithDefaultTitle();
 			this.attachAddMenuItemListeners();
 			this.attachQuickSearchListeners();
+			this.attachThemeLocationsListeners();
 
 			this.attachTabsPanelListeners();
 
@@ -329,7 +330,7 @@
 		},
 
 		attachAddMenuItemListeners : function() {
-			var form = $('#nav-menu-meta'), loc = form.find('#nav-menu-theme-locations');
+			var form = $('#nav-menu-meta');
 		
 			form.find('.add-to-menu input').click(function(){
 				$(this).trigger('wp-add-menu-item', [api.addMenuItemToBottom]);
@@ -341,9 +342,18 @@
 			form.find('.posttypediv, .taxonomydiv').bind('wp-add-menu-item', function(e, processMethod) {
 				$(this).addSelectedToMenu( processMethod );
 			});
+		},
+		
+		attachThemeLocationsListeners : function() {
+			var loc = $('#nav-menu-theme-locations'),
+			params = {
+				'action': 'menu-locations-save',
+				'menu-locations': loc.find('select').serialize(),
+				'menu-settings-column-nonce': $('#menu-settings-column-nonce').val()
+			};
 			loc.find('input[type=submit]').click(function() {
 				loc.find('.waiting').show();
-				$.post( ajaxurl, loc.find('select').serialize() + '&action=menu-locations-save', function(r) {
+				$.post( ajaxurl, params, function(r) {
 					loc.find('.waiting').hide();
 				});
 				return false;
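Review bot: `params` is built once when `attachThemeLocationsListeners` runs during init, so the selections posted on click are the ones present at page load rather than the user's current choices. Putting the `serialize()` output under a `'menu-locations'` key also changes the wire format: jQuery will send it as one encoded string, so the handler's `$_POST['menu-locations']` would presumably arrive as a string instead of the location-to-menu array it received before. Build the body inside the click handler and keep the serialized fields at top level: `$.post( ajaxurl, loc.find('select').serialize() + '&action=menu-locations-save&menu-settings-column-nonce=' + encodeURIComponent( $('#menu-settings-column-nonce').val() ), function(r) {`. The callback hides the spinner without looking at `r`, so a `-1` from a failed nonce or capability check is invisible to the user. The click handler and the function close outside the hunk.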
