At first I was concerned that the development cycle would like this:
Code, compile bar, upload to simulator, run, modify and repeat
In actually, the development cycle is quite nice, because for non-Blackberry specific code (of which I haven't used much, thus far, I can just do:
Code, open local html file in Chrome, modify and repeat
A few minutes of Googling turned up a few promising candidates. Chrome has a --allow-file-access-from-files flag, but that's only useful for cross-origin scripting between local files - not relevant in our situation. XMLHttpRequest (Level 2) has been implemented in Chrome with "withCredentials", which apparently allows cross-origin scripting provided that the remote server sends back an HTTP header saying the request is cool, but as I did not have access to the remote server in this situation, that was also a no-go. Finally, I found another simple and bluntly named Chrome flag "--disable-web-security" that did the trick.