So, there is a way to allow JS API requests from domains other than where you Discourse is hosted.
For this to work, you’ll need to enable Cross-origin resource sharing:
For a multi-site setup, you can also use a per-instance setting:
(…see more here)
Now The Question
Are there ANY risks by enabling it?
Be it tiny, small, medium or large, may you elaborate please - which are the risks, drawbacks or other negative sides of enabling cross-origins for a particular domain.