Why do we not see much AJAX in secure applications like internet banking?

Can someone list with references / evidences if possible, why we don't see much AJAX in secure web applications like internet banking?

For instance - Internet banking has a list of tabs for Accounts, Payments, Tools, Reports. Normally you'd see these implemented as links to different pages. Why couldn't you just have one page and use AJAX to load the content of the different tabs? (eg. a JSF RichFaces tab control)

I'm assuming that bookmarking and handling the back button (or disabling it as is common for internet banking) for the different URLS will be handled in either scenario. So I'd like to hear other things, like how it could affect security, performance etc?

My team is about to start building a web based payment management system (think setting up payments, managing client account balances, reconciliation etc.). Its not going to be making the actual payments, but it will at some point integrate with a leading bank's internet banking system.

We're divided over using one page and using AJAX for everything else

or

using AJAX only where its really helping user experience.

Ajax can improve usability but adds complexity.

• http://www.useit.com/alertbox/web-2.html

Banks need security.

• http://www.which.co.uk/money/bank-accounts/reviews-ns/online-banking-security/compare-online-banking-security/

Complexity is the enemy of security.

• https://www.schneier.com/blog/archives/2018/06/thomas_dullien_.html
• http://www.educause.edu/Resources/SecurityStandardsComplexityIst/162968
• http://portal.acm.org/citation.cfm?id=1218063.1217951

Therefore Ajax is the enemy of Banks ;)