[bzbarsky]

The changenote is talking about access from script.

Script running in a page loaded from file:// will not be able to access the DOM or text of any other file:// URLs, other than the one it's running in.

[kijin]

That makes sense, because so much security nowadays depends on keeping origins separate. It's hard to tell whether any given file:// URL belongs in the same origin as another file:// URL. Better treat each file:// URL as its own origin.