Why cross-domain httprequests is a security threat is a mystery to me. It should be allowed as the only outcome is that developers must find alternative solutions such as this new feature in Dojo while use iframe instead of the XHR-object. Personally I use a script on the server which acts as a proxy to relay the requested page from the external server.
Technorati: Ajax