There are plenty of evil things that users could do, with or without javascript. They don't happen here because we are a friendly community. (I hope). As things currently stand it is rather simple for a user to read (and log) the cookie of every visitor to their homenode. This gives them a bunch of passwords (encrypted) and all the time in the world to run crack on them. You could also cause a person to spend all their votes on your favorite (or least favorite) nodes. Or cause a person to say something stupid in the chatterbox. Etc. But these things are all somewhat limited... how? Community.

Personally, I do not wish to see JavaScript removed from homenodes. I want to see people who abuse the privelage (sp?) banned from the site. I think you should need level 2 or 3 or higher before you can put anything other then <p> on your home node. Ok, maybe they should just be limited to Perl Monks Approved HTML tags. But still, once a person has established themselves as a member of the community their home node should be a place of expression. They should be allowed to do almost anything there (within reason... as defined as non-malicious).