On the DDJ portal, Jon Erikson points out the latest Javascript exploit, a fearsome beast if it's not vaporware. I run with NoScript running as a FireFox plug-in and only enable scripting when I need to. Travelocity does a graceful job of pointing out that they require JavaScript enabled. PG.com does a miserable job, recommending I upgrade my browser to IE4 or Netscape.
Get a clue, web developers. If the client comes to your site without JavaScript enabled, it might not be because he lacks a clue. Don't show them that you lack one.