Dynamics provides a security control when using iframes named Restrict cross-frame scripting. This locks down an iframe so that it cannot execute scripts, load plugins, submit forms, etc, to prevent any malicious activity.
This should not be used for iframes hosting DM applications because it will prevent the application from functioning. The intention for this security control is to restrict untrusted content. However, the only content loaded into the integration iframe is the DM application, which itself has security controls in place (as outlined in more detail in the rest of the document) and has had penetration testing performed upon it. Therefore, this option should be considered not applicable.