Using http://youtube.com/v/fhG5ToCpNh4/ in an iframe yields these attributes for the YT player:
x-frame-options:SAMEORIGIN
x-xss-protection:1; mode=block;
Sorry but I think you are out of luck, the only known work-around for the same-origin policy is to write a server-side proxy. Which in this case you may as well download the .flv and host it yourself.