Right - the original reason for same origin policies in browsers was to prevent scripts from stealing data from private corporate intranets.