Old thread but it has been bumped recently so I might as well contribute to an unasked question on the post.
Your ability to access certain things is based on the environments Context / Identity level. For example, the command bar can index game.CoreGui, however, a localscript can not. The exploits just have elevated contexts that allow them to index what a normal LocalScript can not. 
You can view the identity level of the current environment by calling the printidentity function.
Using this you can see console has an identity level of 4, whilst a LocalScript has a identity level of 2. 
A lot more (and probably more accurate) information can be found on this devforum post. A Current Explanation of Normal Identities and Security Tags