The only thing JavaScripty about the node is that it automatically submits a form.

I could write my own form, with a hidden node_id field and a carefully prepared chatterbox message, and do the same thing. Without JavaScript, it's not even as malicious as assume all vroom's godly powers.