Well, there were two issues. First was the XSS issue. I solved it by using iFrames. I decided to stay with iFrames because it has much better scaling support, when the project is placed on a WordPress page. In the thread you linked, I detailed the performance issue when using Hype scaling, vs my own scaling code.
Also, I add styles to the HTML header for the B.R.O.O.M project, so placing a project on the page causes problems too.
There's a nice module for managing your site's Content Security Policy (CSP)
I was livid when I found out that my smilies were being hosted offsite. To solve that problem, there's the "Classic Smilies" module...