The Same Origin Policy has been implemented for security reasons; quoting a relevant sentence from Wikipedia:
This mechanism bears a particular significance for modern web applications that extensively depend on HTTP cookies to maintain authenticated user sessions, as servers act based on the HTTP cookie information to reveal sensitive information or take state-changing actions. A strict separation between content provided by unrelated sites must be maintained on client side to prevent the loss of data confidentiality or integrity.
Basically, you don't want any given website (like any website you might be surfing on -- and we all know people sometimes arrive on websites that you shouldn't trust) being able to access data from any other one (like your webmail, or account on a social network).