Automatic execution of javascript from arbitrary random domains is the biggest mistake the web ever made. A completely 180 from the old "Don't run programs you don't know where they're from." We're doing this to ourselves. I know it's too late to save the corporate, institutional, etc environments, but in your personal life you should set your primary browser to not auto-execute random programs. It'd solve this.
Given the lack of friction going to a random website, "Don't run programs you don't know where they're from." automatic execution of javascript from arbitrary random domains would mean "including the one you are visiting".
Which is exactly the way I think it should be. Web should have been noscript by default, domains should be added on case by case basis. Compared to the current situation banning web scripting essential to the functioning of any commercial websites altogether (because something something ADA screen readers for example) would have been better :)
