It is quite simple to prevent anyone from hijacking your JSON, mainly by making sure that you never design your APIs to return JSON arrays as an HTTP response.
You can also make use of an HttpPost attribute to decorate a specific action in your respective controller so that it should only give responses to HTTP requests that use an HTTP POST action.
Make sure that JSON services always return responses as non-array JSON objects.