
XMLHttpRequest Security errors

Name: Aeosynth 2009-03-18 20:06

Hey /prog/, not a regular but I thought I'd try you guys - I'm running into problems when I try to load cross-board content using xmlhttprequest. Apparently it only works in the same domain, so I get security errors when a link pointing to img wants to load content from dat (the cross-board links send you to a redirecting page which does this). Any ideas on how to work through this? I'm running the code through the Greasemonkey Firefox extension. Thanks!

Name: Anonymous 2009-03-19 20:51

>>20
SSL is irrelevant because we're assuming the victim is using somebody's malicious UserJS/GreaseMonkey script, where it can pick up your password when it is in plaintext on the client-side.
The attack model is as such:
1) Villain has written UserJS script which makes use of XHR
2) Victim has Cross-site XHR enabled
3) Victim is using villain's UserJS script
At this moment, it is quite trivial for the Villain's UserJS to use some sort of timer/event handler to pick up the password at an arbitrary moment before it is sent over the wire, i.e. onsubmit event handler. When you have the password, you can utilize XHR to send the contents to your own server, which normally would not be allowed since by default cross-site xhr is disabled.
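
For anyone vetting a script before installing it, the attack model in the post above comes down to two capabilities appearing together in one script: a hook on credential entry and a network call. The triage check below is an added example, not part of the thread; its pattern lists and the two sample fragments are assumptions constructed for illustration.

```javascript
// Added example: static triage of a userscript's source before installing it.
// The pattern lists are assumptions for illustration, not a complete ruleset.
const NETWORK_APIS = [/\bGM_xmlhttpRequest\b/, /\bXMLHttpRequest\b/];
const CREDENTIAL_ACCESS = [
  /type\s*=\s*["']?password/i,            // selector/attribute test for password inputs
  /\bonsubmit\b/i,                        // submit hook, as in the attack model above
  /addEventListener\(\s*["']submit["']/i,
];
const META_BLOCK = /\/\/\s*==UserScript==([\s\S]*?)\/\/\s*==\/UserScript==/;

// Collect "// @key value" pairs from the ==UserScript== metadata block.
function parseMetadata(source) {
  const meta = {};
  const block = source.match(META_BLOCK);
  if (!block) return meta;
  for (const line of block[1].split("\n")) {
    const m = line.match(/^\s*\/\/\s*@(\S+)\s+(.*\S)\s*$/);
    if (m) (meta[m[1]] = meta[m[1]] || []).push(m[2]);
  }
  return meta;
}

function auditUserscript(source) {
  const meta = parseMetadata(source);
  const body = source.replace(META_BLOCK, "");   // scan code only, not metadata text
  const includes = [...(meta.include || []), ...(meta.match || [])];
  // Greasemonkey treats a script with no include rule as "@include *".
  const broadScope = includes.length === 0 ||
    includes.some((p) => /^(\*|(\*|https?):\/\/\*\/\*)$/.test(p));
  const network = NETWORK_APIS.some((re) => re.test(body));
  const credentialAccess = CREDENTIAL_ACCESS.some((re) => re.test(body));
  // Either capability alone is common; the combination is what the post describes.
  const risk = network && credentialAccess ? "high" : "low";
  return { includes, broadScope, network, credentialAccess, risk };
}

// Constructed samples: inert fragments that only carry the indicators.
const SAMPLE_A = [
  "// ==UserScript==", "// @name Constructed sample A", "// @include *",
  "// ==/UserScript==",
  'form.addEventListener("submit", handler, false);', "GM_xmlhttpRequest(options);",
].join("\n");
const SAMPLE_B = [
  "// ==UserScript==", "// @name Constructed sample B",
  "// @include http://example.org/board/*", "// ==/UserScript==",
  'document.body.style.fontFamily = "monospace";',
].join("\n");

console.log(auditUserscript(SAMPLE_A), auditUserscript(SAMPLE_B));
```

A "high" result is a prompt to read the script by hand, not a verdict; obfuscated source can evade simple pattern matching.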
