What's the point of the Anti-Cross-Domain policy?

Frontend · Unresolved · 4 · 475
隐瞒了意图╮ 2021-01-12 10:42

Why did the creators of the HTML DOM and/or Javascript decide to disallow cross-domain requests?

I can see some very small security benefits of disallowing it but in

4 answers
  •  暖寄归人
    2021-01-12 11:11

    To clarify some of the ideas in the question into a specific use case:

    The cross-domain policy is generally not there to protect you from yourself. It's to protect the users of your website from the other users of your website (XSS).

    Imagine you had a website that allowed people to enter any text they want, including JavaScript. Some malicious user decides to add some JavaScript to the "about yourself" field. Users of your website would navigate to his profile and have this script executed in their browser. This script, since it's being executed on your website's behalf, has access to cookies and such from your website.

    If the browser allowed for cross-domain communication, this script could theoretically collect your info and then upload it to a server that the malicious user would own.
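
    Added example, not from the original post or its author: a small model of the same-origin check the answer refers to, plus the CORS header a target server can send to relax it (which goes slightly beyond the post, since real browsers block reading a cross-origin response rather than all cross-origin requests). The origins, URLs and header values are constructed for illustration.

```javascript
// Added example (not from the original post): models the browser's
// same-origin check and the CORS opt-in that relaxes it.
// All URLs and header values below are constructed for illustration.

// An origin is scheme + host + port. URL.origin normalises default ports,
// so "https://site.example:443" and "https://site.example" are one origin.
function originOf(urlString) {
  return new URL(urlString).origin;
}

function isSameOrigin(urlA, urlB) {
  return originOf(urlA) === originOf(urlB);
}

// Decide whether script running on the page at `pageUrl` may read a
// response from `targetUrl`. `allowOrigin` is the target's
// Access-Control-Allow-Origin header (null when absent); `withCredentials`
// marks a request that carries the user's cookies.
function mayReadResponse(pageUrl, targetUrl, allowOrigin, withCredentials) {
  if (isSameOrigin(pageUrl, targetUrl)) return 'same-origin';
  if (allowOrigin === null) return 'blocked';           // target did not opt in
  if (allowOrigin === '*') {
    // A wildcard is never honoured for credentialed requests, so cookies
    // cannot be handed to any origin that merely asks for them.
    return withCredentials ? 'blocked' : 'allowed-by-cors';
  }
  return allowOrigin === originOf(pageUrl) ? 'allowed-by-cors' : 'blocked';
}

// The scenario from the answer: a script injected into a profile page runs
// in the site's own origin, so same-origin data is readable; reading a reply
// from an unrelated origin is what the policy refuses unless that origin
// opts in. The policy does not stop the injection itself, so the site still
// needs output encoding of user-supplied text.
function scenario() {
  const page = 'https://site.example/profile/123';
  return {
    ownApi: mayReadResponse(page, 'https://site.example/api/me', null, true),
    otherOrigin: mayReadResponse(page, 'https://other.example/collect', null, true),
    wildcardWithCookies: mayReadResponse(page, 'https://other.example/collect', '*', true),
  };
}

console.log(scenario());
```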
