By not secure, I meant iframe injects the script that can be hacked and it is very sensitive subject. But you are right, if whitelisted it can be implemented. Communication between an iframe and parent document is not always possible, they should be within same cross-origin...there are some workarounds but I believe those communication layers are not supported by all browsers, which limits its usage to view only. I believe view only is useful to see statistics/result of the poll...