What it is:
Javascript is a feature of browsers which is supposed to make possible
all sorts of interesting features in a Web site.
Unfortunately, few of these features are actually useful to the end user, and many are undesirable.
It is what is called a client-side scripting language. Another such language is VBScript.
Usually, Javascript is enabled in your browser, unless you explicitly turn it off.
What it's supposed to be good for:
Javascript is commonly used to implement flashy features of marginal utility such as mouseovers.
Mouseovers are when you move your mouse over something on a Web page and something happens, such as
maybe that something changes appearance, or maybe a little menu pops up.
Javascript can be used to create highly interactive games on the Web.
Javascript is also used to do client-side validation of input in forms.
The idea is your own browser checks that everything you typed in on the form is valid before it sends it to the server.
Javascript can be used to create guestbooks, calendars and the like.
Finally, Javascript is used to create popups and popunders.
What's wrong with it:
For starters, Javascript is used to create popups and popunders.
Advertisers love them, as a way of getting in your face.
But computer users hate them, because they're annoying.
Also some malicious Web sites use Javascript to fill your screen with hundreds of popups that you can't get rid of.
Even worse, Javascript is full of security vulnerabilities.
Using Javascript, a dishonest Web site can get your private information, such as passwords and credit card information, off your computer without your knowledge or consent.
When a crook grabs your credit card info, it's as bad as if he had stolen your credit card.
He can run up a huge bill and destroy your credit rating.
Here's a list of some of the possible ways this can be done. And below are some quick links to reported vulnerabilities:
New Phishing Scam Prompts Warnings
CERT® Advisory CA-1997-20 JavaScript Vulnerability
Adobe Acrobat does not adequately validate Acrobat JavaScript
WebBoard does not adequately validate user input thereby permitting arbitrary JavaScript execution
Lotus Domino Server R5 vulnerable to Cross-Site Scripting via passing of user input directly to default error page
The list goes on and on, but you get the idea.
Javascript isn't the only way to create guestbooks, calendars and the like.
These things can be done entirely on the server.
Javascript is one of the best ways to put highly interactive games on the Web.
Is that really worth it?
Finally, Javascript really isn't the best way to do validation of user input.
If a Web site expects the browser to validate the input, then a malicious user can create
a program to feed invalid input to the site without using a browser.
No browser, no Javascript, and so no validation.
So you really need to do the validation in the Web server anyway.
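The server-side check this argument calls for, as an added example (not code from the original page): a Python function that validates a raw form POST body without assuming a browser, or any script in it, sent the data. The form, its field names (email, quantity, comment) and the limits are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs

MAX_BODY = 4096                               # assumed size limit for this form
ALLOWED = {"email", "quantity", "comment"}    # hypothetical field names
REQUIRED = {"email", "quantity"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def validate_order(raw_body: bytes):
    """Check a raw urlencoded POST body on the server.

    Returns (cleaned, errors); cleaned is None when errors is non-empty.
    Nothing is assumed about the sender: the bytes may come from any program.
    """
    if len(raw_body) > MAX_BODY:
        return None, {"_body": "too large"}
    try:
        fields = parse_qs(raw_body.decode("utf-8"),
                          keep_blank_values=True, strict_parsing=True)
    except ValueError:                        # covers UnicodeDecodeError as well
        return None, {"_body": "malformed"}

    errors = {}
    for name in fields.keys() - ALLOWED:
        errors[name] = "unexpected field"
    for name in REQUIRED - fields.keys():
        errors[name] = "missing"
    for name, values in fields.items():
        if name in ALLOWED and len(values) != 1:
            errors[name] = "sent more than once"
    if errors:
        return None, errors

    email = fields["email"][0]
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        errors["email"] = "not an e-mail address"
    qty = fields["quantity"][0]
    # isdigit() alone accepts non-ASCII digits, so require ASCII too.
    if not (qty.isascii() and qty.isdigit() and len(qty) <= 2 and 1 <= int(qty) <= 99):
        errors["quantity"] = "must be a whole number from 1 to 99"
    comment = fields.get("comment", [""])[0]
    if len(comment) > 500 or any(ord(c) < 32 and c not in "\r\n\t" for c in comment):
        errors["comment"] = "too long or contains control characters"
    if errors:
        return None, errors
    return {"email": email, "quantity": int(qty), "comment": comment}, {}
```

Any check the page's script also performs in the browser is then only a convenience for the user; the server's answer is the one that counts.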
Some people say that doing validation on the client with Javascript will reduce net traffic.
Sorry, I don't buy it.
Every time you load a page with Javascript, you have to download that Javascript code over the net.
This happens even if you have Javascript disabled in your browser.
A lot of these scripts are huge. They make up most of what gets transmitted over the net.
In summary, everything Javascript can do can either be done better some other way,
or is so trivial it's scarcely worth doing.
And it's very dangerous.
It's just not worth it.
What to do about it:
It's possible to configure your browser not to support Javascript.
This sounds like it should solve everything. But there's a catch.
There are a lot of sites out there that depend on Javascript to work properly.
They're just put together that way.
There are ways to put together these sites without needing Javascript,
but the people who put these sites together didn't bother.
Hotmail is one offender.
So what you need is a strategy to cope with Javascript.
Here's what I suggest:
- Disable Javascript in your main browser.
- Avoid using sites that require Javascript, as much as possible.
- Keep a second browser on your system that has Javascript enabled.
- Use the Javascript-enabled browser for those sites which require Javascript,
and which you absolutely must use. Use it only for these sites.
- Try to set up your Javascript-enabled browser not to store its cookies on disk.
Failing that, delete all cookies after every use of that browser.
- Raise a ruckus. Complain about every site that requires Javascript.
If they ask why, point them to this page.
Remember, there is no good reason why any site has to be made to require Javascript.
- Spread the word.
It's not just me:
Anti-Javascript FAQ
"This page optimized for ..." - arguing with customers -
Final notes:
It's entirely possible to make a site that uses Javascript, but does not require it.
Such a site will have some frilly extra features if you have Javascript enabled in your browser.
But if you disable Javascript, the site will still be perfectly usable.
I have no great objection to such sites.
But sites that require you to have Javascript enabled in order to use them at all are inexcusable.
VBScript, the other client-side scripting language,
also has serious problems.
It's less widespread than Javascript, which is good.
But it's not a substitute for Javascript.
It's just the same headache by a different name.
And it requires Internet Explorer, which is the most insecure browser in common use.