The thing is, *preventing* Javascript has all sorts of costs. Not only does it mean that I can't let people put arbitrary HTML into pages, it means they can't use arbitrary CSS either. (There are more ways to get Javascript into a page than you may realize -- stripping it out reliably is *very* hard.) For Joe-in-the-street end user that doesn't matter, but for the folks with a little technical skill, trying to build cool and pretty shareable Apps, it's a very serious limitation.
So the question is, in the modern environment, with modern browsers, how *dangerous* is Javascript? I'm already planning that every Space will have its own subdomain, which I believe makes most easy XSS attacks fail. (Since browsers have gotten pretty strict about crossing domain lines.) It *does* mean that Apps will be able to load arbitrary Scripts, which means that they can build fairly arbitrary mash-ups, but that's potentially very powerful and not too terribly different from your average website. (I love the potential for mash-ups -- it means that users can, eg, build Apps that embed Google Maps without waiting for me to build that into the heart of the system.)
So I'm looking for opinions here -- some of you have done more security-wonkery than I, and I'm curious what your take is...