Performing CSRF, posting on behalf of a user, or resetting their password.
Defacing the site by adding external, unapproved content.
Redirecting users to a web page with fake or inappropriate content.
Opening up DOM-based XSS vulnerabilities.
Stealing users' cookies and gaining access to their accounts.
Forcing a user’s web browser to attack other computers on the internet.
Prevent vendors from placing their cookies in users' browsers and tracking them on other sites.
Prevent vendors from recording the user’s keystrokes.
Prevent vendors from changing areas of the site by overwriting data and controlling content.
Prevent vendors from reading sensitive information such as user logins and passwords.
Prevent vendors from capturing clicks on the site and overriding the actual destination of a click.
Implementing a solution such as this will allow the engine to control the actions of third-party scripts on a site while still reaping the benefits of using web widgets.
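
One way to enforce the restrictions listed above, shown as an added example that is not code from the original page or from any particular product: load the widget in a sandboxed, cross-origin iframe and review embed snippets for anything that weakens it. The function names, the token descriptions and the vendor URL are assumptions made for illustration.

```javascript
// Added example, not from the original page. Assumes the widget can run in a
// cross-origin <iframe>; the vendor URL in the demo is a constructed placeholder.

// Sandbox tokens that hand a listed capability back to the vendor.
const RISKY_TOKENS = new Map([
  ["allow-same-origin", "vendor keeps its own origin, so its cookies and storage work"],
  ["allow-top-navigation", "widget can redirect the whole page"],
  ["allow-top-navigation-by-user-activation", "a click in the widget can redirect the whole page"],
  ["allow-popups", "widget can open new windows with outside content"],
  ["allow-forms", "widget can submit forms"],
]);

const esc = (s) =>
  String(s).replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;");

// Build the embed: scripts may run, but in an opaque origin with no access to
// the host DOM, host cookies, top-level navigation, popups or form submission.
function buildWidgetFrame(src, title, extraTokens = []) {
  const sandbox = ["allow-scripts", ...extraTokens].join(" ");
  return `<iframe src="${esc(src)}" title="${esc(title)}" ` +
    `sandbox="${esc(sandbox)}" referrerpolicy="no-referrer"></iframe>`;
}

// Report which listed behaviours an embed snippet still permits.
// Regex matching is enough for a review aid; it is not an HTML parser.
function auditEmbed(html) {
  const findings = [];
  if (/<script\b[^>]*\ssrc\s*=/i.test(html)) {
    findings.push("script tag: vendor code runs with the host page's origin " +
      "(DOM, form fields, keystrokes, clicks, non-HttpOnly cookies)");
  }
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    if (!/\ssandbox\b/i.test(tag)) {
      findings.push("iframe without sandbox: only the same-origin policy applies");
      continue;
    }
    const value = (/\ssandbox\s*=\s*"([^"]*)"/i.exec(tag) || [null, ""])[1];
    for (const token of value.toLowerCase().split(/\s+/).filter(Boolean)) {
      if (RISKY_TOKENS.has(token)) findings.push(`${token}: ${RISKY_TOKENS.get(token)}`);
    }
  }
  return findings;
}

const demo = buildWidgetFrame("https://widgets.vendor.example/weather.html", "Weather");
console.log(demo, auditEmbed(demo));
```

A widget delivered as a plain script tag cannot be restricted this way, which is why the audit flags it first.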