Not wanting to execute arbitrary untrusted code on your machine? While there has been lots of good work put into sandboxing browser by the browser vendors, the ability for attackers to run custom code within the browser makes many exploitable vulnerabilities a lot easier to exploit. Things like the various privacy leaks based on cache timing, visited link styles, and so on, or just exploiting buffer overruns that have been protected against by address space layout randomization but with arbitrary code the exploit can try the same thing over and over again with different size inputs until it finds one that works.
Running JavaScript in your browser automatically from any site that you visit is pretty darn scary when you think about it. You can protect from a whole host of vulnerabilities by disabling it, and then whitelisting only hosts which you trust.
Viewing some overly crufty sites can benefit from having JS completely off rather than "simply" using an ad-blocker. I'd wager that some tinfoilhats still run with JS off, or at least NoScript almost everything.