Changes

Another example where this is useful is in a yelp-like app. Yelp has the ability to visit a restaurants website directly in the app. By using <iframe mozbrowser> to open the restaurant website, the yelp app ensures that the restaurant website can't contain an <iframe> pointing back to http://yelp.com. If it does, it will only receive the yelp website, rather than the yelp app. So there is no way that the restaurant website can mount an attack against the app since the contained yelp website won't share any permissions or data with the yelp app itself.

As has been discussed above, an app can always contain content from multiple domains. This is exactly like how a website today can create an <iframe> pointing to a different domain.