I believe the most commonly used method is websocket connections. Two examples I can think of are 1Password and LiveReload (source code available).
As far as I know, you need to open the websocket connection from within your global page to avoid cross-domain restrictions.
Also, in the past I have seen other apps watch and modify an extension's settings file. The extension just reads and writes from it's own settings store, while the other process watches the preferences file for changes. I believe this is less reliable and doesn't conform to sandboxing requirements for the Mac App Store so I would recommend the websockets method.