[cs702]

driverdan -- by your logic, it would be OK to give perfect strangers remote-shell access to one's computer, so long as one takes all the precautions necessary to protect sensitive files and prevent them from gaining root access.

Leave aside the various vulnerabilities (including cross-site-scripting ones!) that get discovered with disturbing frequency, and please consider the subject of this thread: it's possible to make someone click a "Like" button without their realizing it! How many other similar tricks can JavaScript be used for by people with nefarious intentions?

No matter how "safe" any runtime environment is, allowing strangers to execute arbitrary code on your computer is never a great idea.

This is why I allow JavaScript code to run on my browser only when it comes from sources I trust.