Is there a risk that future revisions of the Same Origin Policy or other browser security measures could prevent the cross-domain asynchronous request capability of JSONP?
This would have to be taken into consideration if a developer intends to provide asynchronous capabilities in a public environment.
As JSONP relies on script tags for transport, I would think it should be relatively safe: disabling access to scripts on another domain would be a big change to the way the web works. JSONP deliberately works around the same origin policy, and it would take a fundamental change to the way browsers process scripts for it to fail.
Unless all external scripts somehow become sandboxed from interacting with your application (which would break sites everywhere), JSONP should stay safe.
Plus, as more and more browsers introduce cross-domain support a la Flash's crossdomain.xml, I would imagine our abilities to "trust" scripts will only increase.