I already avoid home nodes. Several load off-site images, some of which are actually documented as being used to track visits to their home node. Several now grab the userpass cookie, one forwarding it to another site (after stripping the password -- last time I checked). I don't want to be the one who finds the first truely nasty home node.

At least non-home nodes very rarely have any interesting HTML (and those that do usually get voted down -- probably why this is still rare).

As for home-node buttons that send public chat requests, I thought the first one was cute but got tired of it before I even noticed a second one. I've been waiting for the fad to die but am disappointed so far. I don't mind the buttons that post private messages back to the node's owner (though I wonder what the denial-of-service-attack potential for the node owner or the site is). I particularly like Adam's random node button. Posting private messages back to the button pusher is probably harmless.

It is ironic that my favorite web site has also become my most worrisome. I'm about to switch to my former paranoid ways of disabling javascript and autoloading of images and only turning them on for the few sites that both become useless without them and are important.

A compromise did cross my mind. I'd love to see only specific HTML tags allowed in posts and home nodes. Then I could be curious about a monk and not worry about what tricks they might think are cute today...

But each monk (level 5 and above) could have a "play node" where they can post any HTML they want to. Then you could go look at their tricks with the relative safety of knowing who did it (and that they risked throwing away the time it took them to get to level 5 if they did something truely nasty).

As for off-site links, the browsers I use make it easy to see where a link is going before I click on it. Plus, there are plenty of legitimate reasons to have an off-site link in a post or home node. So I'd not ban those.