[lazugod]

This is already the case with Chrome. See http://superuser.com/questions/450893/how-to-install-a-priva... which details how unauthorized userscripts are made difficult to install.

Even better, try pasting

   javascript:alert('hi');

into the address bar.

[btrask]

Those changes were made for security, to make social engineering attacks more difficult. You can still type JS into the address bar, you just can't copy and paste it.

[Kerrick]

Further, you can copy and paste it into the console.

[nathanhammond]

I can confirm that this was to close actively exploited security vulnerabilities. I was one of the first to file a "bug" on this attack vector. :)

[LesZedCB]

this is probably a good thing more often then not, though.

[fudged71]

Fascinating!