In general, one should consider the audience of the content, not NoScript users, in this case.
> JS is a big security/privacy risk.
No, 3rd party JS (and 3rd party cookies, JS regardless) allow you to be tracked. And ad-blockers deal with that. Blocking 1st party JS is of tenuous benefit w.r.t security/privacy.
Sometimes "3rd party" JS is served from within the page. Also many sites are hacked and will cloak the JS depending on how you visit the site. It's especially common with hacked WordPress sites.
> JS is a big security/privacy risk.
No, 3rd party JS (and 3rd party cookies, JS regardless) allow you to be tracked. And ad-blockers deal with that. Blocking 1st party JS is of tenuous benefit w.r.t security/privacy.