The good folks at Mozilla are working on what they call "Content
Security Policy" [1], basically a whitelist for JavaScript
cross-domain access.
I'm just flagging this up here because of the potential benefits from
querying toolserver tools from wiki(p|m)edia sites. (and yes, there's
JSON, but it's not supported by most tools)
Magnus
[1]
http://people.mozilla.org/~bsterne/content-security-policy/