this post was submitted on 12 Feb 2026
So... there's a practical difference between rendering markup, which is handled by the browser engine and generally benign, and running executable script, which is frequently malicious.
Allowing your website to load JavaScript means that I'm allowing you to execute arbitrary code on my hardware. Hopefully the potential blast radius of any malicious code is limited by safety precautions in my web browser, but a web browser is not a security barrier and should not be relied on to protect the local system from malicious code downloaded from the Internet. The most pernicious and seemingly unavoidable behavior of JavaScript on most websites is device fingerprinting, and to get a better understanding of how much of a problem that is, check out https://coveryourtracks.eff.org/
The simplest step to prevent a lot of this malicious behavior is to block executable script. This is not really a new thing on the Internet, as extensions like NoScript have been around for 2 decades and have millions of users. This should be anticipated by the web developer as a completely normal use case.
Competent web developers understand that they have privacy-conscious users who block external executable script as a matter of course. Your website(s) should be designed to account for this, and should at least render and display information in a readable way without needing to execute your un-vetted code on the user's system. Maybe some dynamic functions of the website don't work, but that's OK as long as the majority of the site is accessible. A JavaScript-dependent website is no better than a Flash-dependent website, in terms of security, privacy, and professionalism.
NoScript frames this as a consent issue, and that's probably valid:
I am not even a Web Dev. Just made a little profile site, which I didn't even complete.
And I tested it without JS.