[krapp]

Opting in to javascript wouldn't make anyone any safer. You would literally have to manually inspect every line and re opt-in with every single request (since javascript can be dynamically generated per request) to even attempt to verify the safety of the code. Most people would simply be annoyed, and browser vendors would add opt-in by default as soon as possible, just to survive.

If you trust javascript that little, just turn it off entirely in your browser and let the rest of the web be. You're far, far more at risk from the browser itself, plugins and apps than from javascript.

>The idea that any junk website is allowed to execute code on your machine without asking or even the user being aware is a fundamental security flaw.

That's not a bug, it's a feature.