Javascript and the way it’s downloaded and executed in general is perturbating, not only the licence.
Given a never versioned, never archived, untrusted, unknown, new, maybe badly written, by a non-trusted source (and that often happens, concerning javascript), and given all the scary things you can do from javascript (track mouse and keyboard patterns to uniquely identify people, transform your browser in websocket client/server, find your IP, etc.), and given that even native, local and free software have been known to do privacy-questionnable things (unity amazon partnership), I’m not sure a free licence is a sufficient guard for user freedom. Because usually, the fact every user isn’t able (or just willing, if they’re able) to inspect and modify each code they run, is pondered by the fact they could ask someone else, or could learn and do it later: with javascript from the browser this often might be impossible as the website could as well send a different javascript per http request, so the version of the non-dev and the version of the dev could never be the same, same thing for different periods of day, week, month, etc. You could even maybe try to find patterns so that the nasty features of your non-free javascript are heuristically less likely to be sent to people or at time more likely for it to be inspected. So I wonder if librejs has or plan to have any capability of fingerprinting, randomly deterministically-compiling (including “minification”), and eventually collaborative archiving of source code of downloaded javascript, to be sure nobody is exposed to untrusted source code that might lie on its origin, or be different of the ones that were inspected. If not so, including a such thing not only would be reassuring, useful, and a “selling point” in terms of security for librejs, but it would be a good experiment to enhence the security on the web and typically of systems which includes as a “feature” automatic and transparent execution of remote turing-complete code.
