Hi Doug, I was the one asking this same question earlier in the thread you linked.
What I ended up doing (or rather, what I am still in the process of implementing) was to run my webapp on a separate server from Shindig, but with a rewrite rule on my webapp server to my Shindig server. e.g. http://www.mywebapp.com/shindig/(.*)$ --> http://www.myshindig.com/$1 This allows my container page to make requests to the shindig server, since the request is to the same domain. It also gives me the security of scenario 3, because the gadget iframes are still rendered on www.myshindig.com as per container config. Isaiah