Yep it's definitely by design - I was wondering if there was a way to remove it though.
JavaScript is looking like the only way around it currently. I was hoping there'd be a non JavaScript solution available first though.
The problem is that I've got a virtual directory in the main CRM folder in IIS that I want to access in an iframe, so I'm using the URL '/../MyVirtualDir...' Of course I could write this as a full URL path rather than a relative one, but the problem then is in moving my solution from a test to a live environment.
But it looks like I'll be using JavaScript to sort this now, anyway.