> you'd be executing arbitrary JS code potentially sent by untrustworthy sources

On the other hand, this is true of every web site using a JS-world framework, and worse, even static sites if they use JS ad scripts.