User blog comment:DaNASCAT/Technical Update: September 9, 2015/@comment-13974523-20150910015502/@comment-25428589-20150910060747

Disabling the mini-YouTube player was obviously something that had to be done. From what I can tell, it could be used by any user to insert any JavaScript into any page, a pretty major vulnerability.

Similarly, JavaScript is being monitored to prevent the inclusion of malicious code into wiki-wide JavaScript, by either admins who've had their accounts compromised, or just admins with malicious intentions.

I don't use mobile, so I don't have an opinion either way on mobile commenting.