[dkokelley]

Can't say for sure that anything is completely secure. JS is just one of those things that's easy to defend against, and it plugs a major attack vector. It also kills many tracking techniques. I also have a hosts file that blacklists known virus/shock/advertising sites, as well as ad blockers and "antisocial" plugins that remove Facebook "like" and other social media sharing buttons (which can aggregate your browsing history and connect it with your social profile).

If you're very paranoid, you can set up a sandbox VM for risky sites. Just make a good stable image and reload it every day in case you picked up anything bad.