Nice question buddy...they have written a HTTP proxy to solve the Javascript secuirty restrictions. Using this proxy made it possible to side-step many of the constraints of the "same host origin" policy, where a browser won't allow Javascript to make calls to anything other than the server from which the current page has been served.
Moreover WebDriver uses the alternative approach of firing events at the OS level. As these "native events" aren't generated by the browser this approach circumvents the security restrictions placed on synthesized events and, because they are OS specific, once they are working for one browser on a particular platform reusing the code in another browser is relatively easy.
Most of the content above is referenced from the below..do read the following reference for more details on Selenium internals