This security restriction is to avoid cross-site scripting attacks (XSS).

The SOP is a security restriction that basically forbids a page loaded from a certain origin (meaning the protocol/host/port trio of the URL) to access data from a different origin.

This should only work if the client and the server are on the same machine, and no special restriction logic is implemented in the customized security plug-ins.