User blog comment:Kirkburn/Technical Update: September 2, 2015/@comment-3388044-20150904013930/@comment-1757994-20150904170555

OneTwoThreeFall wrote: "... pages containing JavaScript code don't have to end in '.js' ..."

But it is how MediaWiki protects js from editing by others, unless they have the specific privilege (edituserjs) to do so. That's really its only purpose. The same with css.

I've said it previously, but I can say it again: Security theater. I'll expand.

By taking actions that are highly visible and restrictive, the attempt is to make people think that security is really tight, because they feel restricted, even (especially) if the restrictions do not address any real or potential threats or dangers.

Security is, and should be, serious business. It is because it is so serious that expending effort (and I'm sure Wikia is expending a great deal of effort) on controls that do not mitigate risk detracts from actually controlling that risk, resulting usually in less security. Ordinarily this argument applies to political systems and civil order. It's a bit amusing to me that it so directly applies to Wikia restricting personal JS. The fallout is similar, too. Citizens of countries with totalitarian regimes don't respect the rule of law more because their freedoms are restricted. The restrictions have the opposite effect. They generate contempt for the law, all law everywhere.

Wikia isn't a country. It's a company. It can establish any terms of service it wants (which don't violate any applicable laws). But it's almost the definition of "unreasonable" to expect reasonable people to respect superfluous restrictions whose only value is the appearance of conscience.