Hi!
It would be easy enough to make the proxy functionality only work for specific URLs defined in a MediaWiki message page. Tada: back to the same level of oversight and control that we already have.
What kind of change/revision management would those URLs have? Are copies archived/saved on toolserver for every script that gets uploaded to an accessible area? :)
Oh, and adding to Dschwen's initial point.. the code should remove any session cookie and replace it with a cookie indicating a confirmed username.
It doesn't help with session hijacking - you can still get cookie values with JavaScript, and send xmlrequest anywhere you want.
Any sysop can already insert scripts which call remote scripts which have ongoing communication by inserting script tags over and over again. It's kludgy but it works.
Yes, it is one of the current security problems, probably the global .js rights have to be moved from sysops to stewards :), but at least we can track who and when added what (revision histories!) - there's no such audit trail on toolserver.
It's also possible to use an invisible iframe as a request proxy off to another domain: http://blog.monstuff.com/archives/000304.html
You won't be able to read the contents of that frame, nor get cookies, nor modify anything in the frame document's DOM.
In terms of security profile adding a proxy wouldn't change anything..
Now you join the camp of the ignorant! :)
but it would allow legitimate tool authors to avoid ugly kludges needed to work around the 'security behavior'.
The security behavior is to protect wikipedians.
BR
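
The two proxy-side measures proposed in the thread (an allowlist of URLs read from a message page, and replacing the session cookie with a confirmed-username cookie), sketched as an added example that is not part of the original message or of any MediaWiki/toolserver code. The message-page format, the hostnames and the cookie name `confirmedUser` are assumptions, and the sketch covers only what the proxy forwards upstream.

```javascript
// Constructed sample of the message page: one allowed URL per line.
// A trailing "/" means "anything under this directory"; otherwise exact file.
const SAMPLE_MESSAGE_PAGE = `
# allowed proxy targets (hypothetical format)
https://tools.example.org/~alice/geo/
https://tools.example.org/~bob/stats.js
`;

function parseAllowlist(text) {
  return text.split('\n')
    .map(line => line.trim())
    .filter(line => line && !line.startsWith('#'))
    .map(line => new URL(line)); // throws on a malformed entry
}

function isAllowed(target, allowlist) {
  let u;
  try { u = new URL(target); } catch { return false; }
  // Reject "https://trusted@other-host/" style host confusion outright.
  if (u.username || u.password) return false;
  // new URL() has already collapsed "../" segments, so the comparison
  // below is made on the normalized path, not the raw string.
  return allowlist.some(a =>
    u.origin === a.origin &&
    (a.pathname.endsWith('/')
      ? u.pathname.startsWith(a.pathname)
      : u.pathname === a.pathname));
}

// Drop the caller's cookies and send only a username marker upstream.
function buildUpstreamHeaders(incoming, confirmedUser) {
  const out = {};
  for (const [name, value] of Object.entries(incoming)) {
    if (name.toLowerCase() === 'cookie') continue; // never forward the session
    out[name.toLowerCase()] = value;
  }
  if (confirmedUser) {
    out.cookie = 'confirmedUser=' + encodeURIComponent(confirmedUser);
  }
  return out;
}

function proxyDecision(target, incoming, confirmedUser, allowlist) {
  if (!isAllowed(target, allowlist)) return { allow: false };
  return { allow: true, headers: buildUpstreamHeaders(incoming, confirmedUser) };
}
```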