The good folks at Mozilla are working on what they call "Content Security Policy" [1], basically a whitelist for JavaScript cross-domain access.
I'm just flagging this up here because of the potential benefits from querying toolserver tools from wiki(p|m)edia sites. (and yes, there's JSON, but it's not supported by most tools)
Magnus
[1] http://people.mozilla.org/~bsterne/content-security-policy/