It's still images that can't be displayed without Javascript enabled. It's also a distinction without a difference. It's third party code downloaded over the internet and automatically executed on my computer.
And also, JavaScript should always be enabled. Very very few people disable it and they are used to have a broken web experience anyway so it’s not an issue to ignore them. Worst case they don’t see pictures until they eventually enable JavaScript.
Executing third party code in a sandbox is a security risk. You need to allow a level of risks when you use your computer on internet, and by disabling third party code you are safer but you also have a lot less useful computer.
I think they wanted to say that when you make a website you can pretty much expect everyone to have javascript enabled since it's on by default. Outside of HN IT nerds of course :p
I wouldn't be as prescriptive as the OP, but it seems to me that the vast majority of web sites for 15+ years have had some JavaScript, even if they aren't "single page applications". Sometimes those sites will break completely without JavaScript, but very often it's more that parts of them break, or just work worse.
I know the folks who advocate turning off JavaScript think that such reduced functionality is a worthwhile tradeoff, but they don't know what they're missing in a very literal sense. And I can't help but suspect the main benefit they're getting is not improved security; it's a warm, fuzzy feeling of smugness. Many of them probably also use Emacs.
When I look at the most visited websites, I see mostly web applications that are a bit more complex than static text and images and they all require JavaScript. For sure you could create lightweight versions of many of these applications, without JavaScript and server side generated HTML, but my point is that the users should have JavaScript enabled to browse the web.
It's not the "very-very few". It's the combined population of several large countries.
Because you're immediately excluding people on old devices, on underpowered devices, on devices on bad networks, on devices with weird/incomplete/glitchy/limited support for what you need, sites where JS just errors out (and dies, because there are no recovery options if there's a global JS error)... And the list just goes on, and on, and on.
The inability of developers to look beyond their latest-and-greatest dev machines with unlimited power and everything under the sun enabled is just mind boggling.
