So any web site which uses Javascript is open to compromise and therefore could become a mal-Javascript distributor.
XSS leverages javascript, sure, but there are many ways of breaking a site's security without using javascript. Javascript itself is not a security problem, since it runs in a sandbox. Security problems, even those manifested through javascript, are always caused by bad design on the back-end (not filtering user input correctly).
The overemphasis on how fast Javascript runs seems to be due to a lack of serious thought as to how to make browsers better at doing what they were designed to do -- which was *not* to run "web-apps". We used the Internet very successfully for over a decade to provide information -- not to run apps -- if it wasn't (isn't) broken why the emphasis on fixing(?) it?
Just like the purpose of land-line communication has changed from voice calls to data, so is the purpose of browsers changing from document viewing to applications. The browser as a rich app platform is a good thing. It takes a lot of worry away from end users (upgrading, security, installation, ...). In the long run, we're all going to have better and easier to use apps because of it. We're finally going to be able to get rid of our personal computer as a physical piece of hardware. A PC should be a metaphorical construct that follows you around as needed, regardless of the hardware involved. The web is the only credible way of doing that.
I note this with an aside that the U.S. Government (NIH NCBI) no longer allows complete access to its *public* databases, e.g. PubMed, by browsers which do not have Javascript enabled. (One is compelled to ask *who* for the most part paid for that information but can no longer access it?).
Javascript is as essential to a modern browser as HTML and CSS. Disabling javascript has no point anymore (ever since accessibility products learned to cope with ajax). If you're talking about using tools like curl to extract content, then I agree that ways have to be provided to easily obtain all the content from a site. That doesn't mean that these sites should cater to the lowest common denominator and give everyone a shitty experience to allow a corner case. It just means they need to implement the corner case as a separate solution. Ever used a web app without any javascript? It's always a lousy experience. I don't see why that should be foisted on all users.