By the way, if I'm correct on cross browser legality of this approach,
then there is a legal way to manipulate the model with cross frame
commands in spite of the fact that frame and page are cross domain.
Pretty sure cross-domain access to DOM of different hosts across an iFrame boundary was the very first thing that was disallowed, long before AJAX. If you could do that, you could capture anyone's credit card information just by embedding a real bank page within an iFrame on your page.