Have you ever seen this on your SharePoint 2013 or Office365 site?
Every time an App Part (the new server site codeless web part in sp15) will link to some content from the host inside his iframe, you will get this message. The client is able to solve this, by setting the URI as trusted site, but ?..
If you have an public site on Office 365 that’s not working for your guests and all web spiders are very unhappy about this. On the other hand MS is IMHO on the right way to split out all extensions from the server, so we have a better chance to hold the system stable and get quickly into the next version.
But I and my buddies wee need the content on the host site, not in an iframe and sometimes also not in an app aka another URI. So I decided to go the old way, build again sandboxed Web Parts.. but from time to time the Sandbox is not able to render the web parts on Office356, that’s why I searched for an alternative and have found this: SharePoint 2013 Web Parts And The App Model, Part 1: The Paradigm Shift. That’s fine, and I will check this later for me, but I have in mind would it possible to do the same without any server side code, or at least only code for the web part editor? We will see..
And yes there are a bunch of other nice things we should know about the CSOM on anonymous publishing sites