[Zirro]

Few of the popular ones, but there may be some misconception here. NoScript isn't meant to be blocking JavaScript for all sites. If you trust a site, which doesn't function without JavaScript, adding it to the whitelist is one click away. You get used to it quickly.

And, even in the mode where JavaScript is allowed by default on new sites, the other protections (Clickjacking, XSS, ABE, etc) still apply.

[moe]

It's a little bit like the cookie-situation back when the internets were still young.

Many people (including myself) would swear by leaving the cookie notification on and confirming every. single. one. of. them.

That has long stopped being feasible and I assume it will be the same with NoScript in a few years.

[timmy-turner]

Isn't this the fault of a bad UI mixed with bad defaults? I'm using the Cookieculler FF addon (https://addons.mozilla.org/en-US/firefox/addon/cookieculler/) to manage them. Instead of torturing me with a modal popup for every new site I visit, it keeps a list of hosts and cookies and trust status in the background. Using that list to protect important but delete/block all other cookies is quite convenient.