Now you can download JavaScriptCore from http://www.opensource.apple.com/darwinsource/10.4. 4.ppc/. It contains the affected source file kjs/function.cpp, but a quick look at it reveals that it doesn't have the same encodeURI, decodeURI functions nor the same flaw.
Slashdot Mirror
Thanks to Open Source, we can check ourselves whether Safari is affected.
You can see from the patch referenced from http://www.kde.org/info/security/advisory-20060119 -1.txt that the vulnerable functions are: encodeURI, decodeURI.
Now you can download JavaScriptCore from http://www.opensource.apple.com/darwinsource/10.4. 4.ppc/. It contains the affected source file kjs/function.cpp, but a quick look at it reveals that it doesn't have the same encodeURI, decodeURI functions nor the same flaw.