Part 2 of this post.
it turns out that there are some very interesting things hidden in the dom.* section of about:config.
Specifically, there is this handy key which defaults to false, but if set to true is actually a rather beneficial security enhancement:
For some more reading on the topic, designed around building a custom security policy for firefox suitable for pushing out to end users, check out this article.