It would be great if there was an option to block JavaScript on every HTTP website by default.
I also think you should add these features that have already been requested:
What makes JS especially dangerous on HTTP? Gathered information leaking to a mitm?
JavaScript has some security vulnerabilities, so I think that blocking it on HTTP website would be a good security feature (but I’m not an expert, so I’m not actually sure).
I’m not sure if there is more to the story that is specific to JS, but one generic thing I will say is that unencrypted (plain HTTP in this case) connections can be much more easily hijacked by an existing MITM than can encrypted ones.
And a hijacked connection can have unexpected code (JS) inserted into it, whereas this is infeasible in the case of HTTPS.
So putting all that together, it means you are exposing yourself to the possibility of executing code coming from who-knows-where, perhaps not the site you think it came from.
and what doesn’t have security vulnerabilities nowadays?
Some of those are blocked by default already, like the XSS.