It doesn't even have to be non-free, non-free just makes it easier to hide
it's functionality. Just having any program load without users knowledge is a
very bad trait to have.
LibreJS is okay but can still allow malicious code to run provided it has the
right license, I mean how many people would actually check that code before
running that specific instance? No-script at least allows you to control it
with a fine grain.
I'm sure as you would know, this is a very extreme case that free JS would
actually be looking to be LibreJS compatible but it is not an impossibility
either.
