I don't see how this is the original authors problem actually, regardless of the cause. Someones incorrectly written code injected into your own runtime environment could cause all sorts of weird problems.

IMO this is a reasonably serious browser security issue along the same lines as CORS, but thats another argument.