Because the script is being run in the context of the trusted web site, it has access to cookies such as session tokens, as well as any other user information available within the security context of that web site.
Going forward, any app that needs more than 100, 000 tokens to do things like access the timeline, show DMs or anything else a client app might do will also need Twitter's permission to operate.
Since Intel IPT is embedded at chip-level, unlike hardware or phone-based tokens, it can enable more secure, yet user-friendly cloud access protection.