> From the perspective of anyone making a web site it's very easy to secure yourself against JS running on a third party domain: don't load any.
No that's only half the solution, the other (much harder) half is to ensure you have no XSS. The GP's point was if they hadn't allowed cross-origin scripting it would have had big security benefits.
