Due to implementation chosen by Cloudflare, allowing Cloudflare also allows the proxied website to run code, because Cloudflare blends with it, but why the proxied website should be trusted if the challenge is served by Cloudflare?
That's like saying that you're blocking yourself when installing an adblocker.
No, it's for safety and hygiene.
> Seems really disingenuous to imply it's someone's fault
That's because it is. I didn't make the web and I don't work on websites. But I have to deal with it because some fucking dumbasses decided they wanted to save some server cycles by offloading all the hard work onto the client and ruining internet safety in the process, while also offloading the cost of power and performance onto users.
So if disabling javascript is what's needed to keep my safety? So be it. If it breaks some asshats' websites, then they're websites I don't want to use anyway.
Maybe for you.
But I don't let random unvetted websites run code on my computer. Checking that box requires it.