No, I was looking for any JavaScript exploits of the referer header, and to date there aren't any. It's a very, very nitpicking remark. :)
Most sites describe referer checking as the 90% solution, mostly due to the cases where the requests are legitimate but turned down because of the reasons you gave above (link in an email, bogus proxies, etc.).