It's true that if we granted permissions to the 'final' URL, script at that URL would have to make sure that it operated within-origin relative to the final URL, which could be difficult if the redirect logic is variable. However, it seems to me that this is a generic problem with meeting same-origin restrictions when using redirects in this way. Gears doesn't make the problem any worse. (I think all of the Gears APIs allow relative URLs?) By granting permissions to the 'final' URL, we don't make this any worse, some use cases become possible, and the behaviour seems more consistent.
I guess that preventing cross-origin redirects for worker URLs works too.

Steve
