Except for JSONP why is same domain policy is being followed?
The Same Origin Policy has been implemented for security reasons ; quoting a relevant sentence from wikipedia :
This mechanism bears a particular significance for modern web applications that extensively depend on HTTP cookies to maintain authenticated user sessions, as servers act based on the HTTP cookie information to reveal sensitive information or take state-changing actions.
A strict separation between content provided by unrelated sites must be maintained on client side to prevent the loss of data confidentiality or integrity.
Basically, you don't want any given website (like any website you might be surfing on -- and we all know people sometimes arrive on websites that you shouldn't trust) being able to access data from any other one (like your webmail, or account on a social network).