Besides that JavaScript can be used for snooping various things, some listed at https://panopticlick.eff.org/
Also, the JavaScript sandboxes on many applications are not too good and there are quite a few exploits that take advantage of JS. E.g. https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/