Google +1 widgets don't "break out" of their iframes. They're not in iframes in the first place.
As the first SO response points out, the widget is JavaScript code that runs in the host page, so it can easily create and manipulate any kind of DOM element anywhere in that page. Of course there may be iframes among those elements, but the JS code isn't limited to that.
That's right, the bulk of the gadget may run in one or more iframes. I just meant that they do load a script element into the host page.
Once you do that you can do anything to the page, and you can also use one of several methods to have this script communicate with scripts inside the iframes that it creates.
As the first SO response points out, the widget is JavaScript code that runs in the host page, so it can easily create and manipulate any kind of DOM element anywhere in that page. Of course there may be iframes among those elements, but the JS code isn't limited to that.