Modern browsers prevent scripts fetching RSS feeds from sites out of the domain of the running script.The RSS feed gets transmitted but the browser's Same Origin Policy won't let you access it.Only feeds from servers that specify the CORS Access-Control-Allow-Origin header can be read.
Why?
We are not talking about malicious scripts - just XML data.What is the thinking behind considering an RSS feed as a potential danger?How could it be exploited?