JS & trust?
If you're using JavaScript & trust in the same sentance without a "will never earn any" inbetween, you're not paying attention. There is no trust in JS unless the only JS you run is the locally stored, locally vetted, & locally secured code you've written yourself. Everyone else's JS code, especially if stored/run from a 3rd party server, is no longer secure nor trusted.
I know I'm insane, my Dried Frog Pills say as much, but if *I* think using JS is a bad idea, why aren't supposedly saner heads not putting the concept out of it's misery with extreme prejudice?