I have had a few different conversations with people about the whole App Web Part IFRAME problem lately. Basically this problem means that you can't make calls outside the IFRAME using your code (it is a security feature of browsers). This leads to the whole, "how limiting it is blah blah" conversation. I simply say to them…why are you doing it like that?
Most people think that using the App Model means that you are constrained to the boundaries that the App Model enforces. The truth is, you are not. If you are building useful "longtail" apps for companies, you should realize, the App Model doesn't need to be used as it was originally intended. You can utilize its deployment mechanisms to get your files to the host web. This pattern is a part of one of the labs in the O365 Dev course. For example, if you have a workflow that needs a well defined url for external communication (ie the random app web url won't work [think redirect urls]), you can deploy all of the content of the workflow to the host web and then run it from there (no app web needed at all, as a matter of fact, you could delete it completely after deploy).
How do you do this? Use the App installing event handler. As part of the App Model and the Visual Studio project, you can create an App installing event handling web which will get called and pass an access token to make calls back to the app and host webs. Once you have that, the sky is the limit. You don't have to deploy your code to the app web, but simply copy it from your web server to the host web. In this essence, you are simply using the App Model as a "means to an end". This will eliminate all your app web part IFRAME woes.