[grifball]

We spend a ton of time locking down OS API/ABIs to prevent sandbox violations and I wouldn't trust a shared server with sensitive data unless I had an IT team working on it. JS seems to be a lot better with sandboxing though. You still have to really worry about CSRF though. I use multiple profiles to ensure sketchy sites can't get at my data.

I think JS gets a bad name when people use it to make crazy modal popups or inline video ads or change the way the page scrolls. Beyond that it's cool that devs can get really creative with a website and I love coding in JS. But also you're adding a lot of complexity for that. HTML/css are fine for creating a website that communicates information and maybe even looks nice. And they aren't actually a programming language, they're just data. JS is a full programming language and gives you enough rope you hang yourself and I think developers kinda go off the rails messing with their sites and ruin the user experience.

It is cool that I can have whoever execute code on my machine without worrying if it will get privileged access to it. That is a pretty amazing feature of JS/browsers.