[sneak]

I am not nobody. Neither is Ed Snowden. Neither are the people who trained him, who regularly use javascript to exploit browsers.

Many of us that know how security works on the modern web browse untrusted sites without JS enabled.

[userbinator]

This. The vast majority of browser exploits are in code related to the JS engine and its accompanying huge API surfaces, and even those rare ones which don't require it are often obfuscated/hidden using JS.

Exploits aside, the amount of user-hostile irritating annoyances that just disappear without JS is also worth mentioning. Many years ago, I remember a site that was completely usable, yet continually begged me to "enable JavaScript for a better experience!", so I tried it and was immediately inundated with popups, moving flashing crap all over the page, and other things that I did NOT consider a "better experience". Never again.