Fun fact: Noscript loads and parses all javascript and then just stops it from running against the live DOM. Decreases page render time, sure. Prevents exploits? Don't think so.
NoScript won't actually execute any of the Javascript, though. I am not aware of any historical vulnerabilities from the mere act of loading and parsing Javascript, though they're certainly theoretically possible. It's much easier to secure a parser than a runtime.
I can't recall a single exploitable bug in these competitions that attacked the javascript parser. Running the js is a far larger surface area to attack.