> Content scripts execute in a special environment called an isolated world. They have access to the DOM of the page they are injected into, but not to any JavaScript variables or functions created by the page. ... The same is true in reverse
I don't know about this specific point, but you might want to take a look at the greasemonkey security pitfalls page [0]. There's been a lot of effort put into how all of these parts work together to make sure that malicious Javascript on the page can't interfere with what the plugin or userscript is trying to do.
Chrome extensions' content scripts are under stronger isolation from the page than greasemonkey scripts are (or were? -- I'm not sure if greasemonkey has changed since). Chrome extensions run in a separate "isolated world" from the page. They never share javascript objects directly. (They do share the DOM, but the isolated world gets its own separate Javascript wrappers around the DOM.) It's not possible to leak a function from the extension to the page, etc.
The page could only see a mutation event and get a reference to the element if the element was attached to the document. If the extension never attaches the anchor element to the document, then the page's code can't get to it.
