Cross-origin resource sharing is a web browser technology specification, which defines ways for a web server to allow its resources to be accessed by a web page from a different domain. Such access would otherwise be forbidden by the same origin policy.
Implementing CORS on a server is as simple as sending additional HTTP headers, for example:
So, what about security?
Have no dependencies to the HTML, inject what you need
Package all your scripts (including vendor scripts) into one file and minify it for production
...but keep it uncompressed during development for easier debugging
Protect yourself by sandboxing your code
...and run all vendor scripts in noConflict-mode
Be careful if you use js-plugins: Know what they do (and don't do)!
Use only full urls when accessing stuff on your server
Have AT MOST one global variable
Do not change the style of generic HTML-elements such as body, p or div
Consider prefixing all your HTML-element ids and/or classes
...or make your CSS selectors specific to your root element
Be specific about which origins you allow when using CORS