That's not a language issue, but a platform (i.e. browser) issue. It's entirely possible to enable JS and not have this as the default.
In Emacs, you can install any package that will then do most/all the evil that JS can. In principle, you should be very careful about the packages you install.
That's what he said, more or less: "The problem comes not from the language JavaScript, but from the fact that browsers, by default, ..."
I think it's the cultural issues he's getting at. Minified or otherwise obfuscated elisp packages would rightly be viewed with suspicion. Unauditable JS is the norm, right?
He had devoted a part of the talk about browsers too, starting with:
> But one thing I think we really shouldn't have is the equivalent of a modern web browser.
I think people are focusing on the Javascript part alone too much, when he made it clear numerous times that he is talking about the browser model, not javascript language itself.
but... if he doesn't want the equivalent of a modern browser, then downloading and executing JS isn't really an issue, and thus the whole JS=BAD because you download it and execute it goes out the window.
I don't get it. Like, i don't care if we can write emacs stuff in JS or not, but i don't see how it's any more dangerous than Lisp.
I agree, his reasoning is strange: JS is used in other contexts to compromise user control. We want user control. Thus we will avoid Javascript in this context.
I mean he is only saying JS=BAD in the context of downloading and executing obfuscated non-free javascript. The scenario where JS isn't downloaded and executed (e.g. outside browser) isn't even being what's talked about here much less being also lumped into the BAD group, so it's weird that people here are making this about JS at all, when it's clearly not.
