Site Security Policy proposal
This is by no means ultimate protection, or server protection of any kind. It can still be circumvented by malicious users, but it could potentially bring a thin layer (but still a layer) of user protection against Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks.
The idea is anything but new. Five years ago, Flash Player 7 introduced policy files (crossdomain.xml) used for access control on cross-domain data loading. The current Flash Player 9 went even further, introducing new functionality like meta-policies and so on.