Why did the creators of the HTML DOM and/or JavaScript decide to disallow cross-domain requests?
I can see some very small security benefits of disallowing it but in
When cross-domain scripting is allowed (or hacked by a clever JavaScripter), a webpage can access data from another webpage. Example: joeblow.com could access your Gmail while you have mail.google.com open. joeblow.com could read your email, spam your contacts, spoof mail from you, delete your mail, or any number of bad things.
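
The check that keeps joeblow.com away from mail.google.com, sketched as an added example (not part of the original answer and not browser source code). The function names are hypothetical, and the CORS opt-in branch goes one step beyond the answer to show how a server can deliberately relax the rule.

```javascript
// Models the browser's read decision for a cross-domain response.

// An origin is the (scheme, host, port) tuple; URL.origin serializes it
// and drops default ports. Opaque origins (e.g. data: URLs) serialize as "null".
function originOf(url) {
  return new URL(url).origin;
}

function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  // Opaque origins never match anything, including each other.
  if (oa === "null" || ob === "null") return false;
  return oa === ob;
}

// May script running on pageUrl read a response fetched from targetUrl?
// corsHeaders: lower-cased response headers sent by the target server.
function mayReadResponse(pageUrl, targetUrl, corsHeaders = {}, withCredentials = false) {
  if (sameOrigin(pageUrl, targetUrl)) return true;
  const allow = corsHeaders["access-control-allow-origin"];
  if (allow === undefined) return false; // no opt-in from the server: read is blocked
  if (withCredentials) {
    // Requests carrying the user's cookies need an exact origin match
    // plus an explicit flag; the "*" wildcard is not accepted here.
    return allow === originOf(pageUrl) &&
           corsHeaders["access-control-allow-credentials"] === "true";
  }
  return allow === "*" || allow === originOf(pageUrl);
}

// Constructed sample input using the hostnames from the answer above.
const page = "http://joeblow.com/index.html";
const mail = "https://mail.google.com/mail/";

console.log(mayReadResponse(page, mail));                       // false
console.log(sameOrigin(mail, "https://mail.google.com:443/x")); // true
console.log(sameOrigin(mail, "http://mail.google.com/mail/"));  // false
```

The scenario in the answer depends on the victim's logged-in session, which is why the credentialed branch is the strict one: a wildcard opt-in never exposes cookie-authenticated responses.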