Javascript's eval can be very useful in general, and in fact, the most useful form of it is when you *are* invoking it on dynamically generated code that simply cannot be as concisely expressed in any other way. That's not to say it's impossible, but it can often be a darn sight more convoluted to not use eval in Javascript to get a particular job done than it would be to write it using statically compilable code. Some may argue that this is a flaw in the design of the language itself, but I would personally be reluctant to quickly discard the feature entirely simply because of its potential for abuse in this particular way. I would suggest that there are almost certainly other ways to achieve the desired ends, but they most probably involve much more complex intermediate goals.
Blocking eval itself isn't generally a solution anyways, since javascript within the browser could invoke 'document write' to place additional code into the page where it is executing, and then simply directly call a function that it dynamically added to the page using such a technique to achieve the exact same thing as what could be done using eval.
I suspect the longer term solution is for browsers to sandbox javascript pretty tightly.... malicious code that detects such sandboxing as an attempt to evade detection as such may not get detected by the browser as problematic, but still won't be able to accomplish anything because it will still be inside of the sandbox, and when the code tries to do something that is prohibited, it can be immediately flagged at that time rather than just trying to detect it at page load time.