There is no need for the personal attacks.
All I am saying is that the described attack scenario wasn't possible. And I am again highlighting the word described. The description of the attack is not correct. A malicious javascript from techjamaica.com cannot access cookies from say gmail.com. That said, there have been multiple instances where the SOP was bypassed. And we can discuss those cases. However, at that point its a different ballgame.
Now, can you inject malicious scripts into a page to totally own a box/user? Absolutely. So I am not disagreeing with you. All I am saying is that that particular scenario as described is incorrect. I do however understand your general argument.
No issues man....