In this world we know that there's at least two kinds of people, a good and a bad. If someone is good then you can trust them and know that they are not out to get you. On the other side of the spectrum -the bad- they are always up to something mischievous. This can also be said about websites!
The Same origin policy or SOP is able to add a layer of security by letting websites share data only if they have the same origin. What am I talking about when I say origin? For that we have to take a look at the url! A url is broken down into scheme, host/domain name, and a port.
When any request is trying to be made by a webpage, that webpage url becomes the origin. Going back to our example from above. Now that we are on this new malicious website. When the website tries to run the request to get our friend list information from Faceboook. The Same origin policy steps in and says, "hold up, wait a minute! Your scheme, domain, and port don't match.".
The request from the malicious website gets denied, keeping our friend list information safe.
This policy is just one of many ways that the information that we keep in certain sites are safe from any outside forces.