[jcromartie]

I'd reckon that most of them are FOSS weenies and/or security paranoid. At least, that's the common thread among my peers who disable JS as a matter of principle. They are proud of it, and they are happy to find a reason (like requiring JS) to snub your web app.

Then there are the NoScript people, who are willing to whitelist your site to allow JS if they think there is value in it. These people skew the numbers but are pretty reasonable when it comes to turning JS on.

[Natsu]

I'm one of those NoScript users. Most sites get temporary permissions if they actually need them for something I want to do, trusted sites get whitelisted if I visit them often enough.

Pretty much all of the attacks against Mozilla that might have actually affected me have been mitigated to some extent by NoScript, so it's pretty useful.

[prodigal_erik]

Paranoid is assuming attackers are out to get you. I just assume attackers are abusing automation and out to get everyone, because we have already seen that happen several times, and there's no reason to believe javascript sandboxes are suddenly flawless despite their disappointing history.

I also have scripting off because I tend to be curious about the diligence and talent of the authors at a site.