Re: Considering what the "legal" Javascript malware does...
Mining requires you to allow arbitrary code to execute on that machine. That code could do anything at all.
Nothing special about mining here. Many websites already require javascript, aka the ability to execute arbitrary code on your machine, just to view the page content. And quite often they already use 100% of your CPU, just to automatically start playing a video at full volume.
I really hope that this trend of in-browser mining continues, and the browser makers get a clue and start giving the user more control over CPU allocation per website. That's the only real fix that we need or should be asking for, as guidelines and regulations will always be ignored by the "bad guys".