To reiterate my response from another thread, this is not Jira cloud specific. This is how XmlHttpRequest works. Browsers will safeguard the end-user by making sure it only executes trusted client-side code.
You might want to read up on Cross Server Scripting (XSS) and Cross Origin Resource Sharing (CORS)