I still don't see how this javascript proxy adds extra vulnerabilities. The only difference between having a proxy, is the advantage of being able to directly use an xmlhttprequest. Introducing this proxy will still only allow local sysops to add toolserver JavaScript to the wiki.
Being a sysop, what I would then is: var req=sajax_init_request(); req.open('GET', '/tools/~bryan/evil-script');. What I now do is document.write('<script src="http://tools.wikimedia.de/~bryan/evil-script"></script>'). This still executes JavaScript being out of revision control.
Bryan