On WebKit (can reproduce in both latest Chrome and Safari), a security error is displayed in the console when attempting to access the property of the window object hosted on a different origin:
Unsafe JavaScript attempt to access frame with URL http://localhost:8000/main.html from frame with URL http://localhost:8001/iframe.html. Domains, protocols and ports must match.
It seems this error isn't thrown as it is not catchable (see try...catch block in the example) and doesn't affect the program flow (statements below it still get executed).
As there aren't ways to find out if two windows share the same origin, it's impossible to avoid this warning.