This wouldn't work, the majority of users don't read so they would blame Firefox either way. And showing message box every damn time one site has Javascript/SSL (and considering that almost every site nowadays has one or another) would infuriate the users that really want to use this feature. It's a lose-lose option.
I think it's fine to have these options as extensions or even inside about:config, where the user would never disable by accident.
> This wouldn't work, the majority of users don't read
If they don't read, then they wouldn't be using Firefox, since all web pages (barring a few exceptions) would be gibberish to them :)
> And showing message box every damn time one site has Javascript/SSL
That's not what I'm advocating in that particular recommendation. I'm more advocating for some sort of heuristic analysis when Javascript is disabled. There are lots of sites that do silly things like rely entirely on Javascript for rendering text (for example); those should be easy-to-detect as scenarios where a warning would appear.
Also, most similar warnings presented by Firefox already (usually about outdated plugins and such) have a way to permanently dismiss, or to remember a setting for a particular website, or some other way to mitigate the understandable annoyance of always throwing warnings. A "don't ask me again" would immediately resolve the problem you identified.
> I think it's fine to have these options as extensions or even inside about:config, where the user would never disable by accident.
I think that's fine, too. My comment was more about identifying the correct cause of various effects - i.e. that the harmfulness of the checkboxes being criticized is due to their non-obviousness rather than their existence.
Users don't read material that's put in front of them. Modal dialogs get dismissed without reading, non-modal dialogs (Firefox's doorhangers, Chrome/IE's notification bars) get ignored completely or dismissed.
In this case, though, the resulting page without Javascript would probably be entirely empty. Maybe Firefox could detect that and throw up a full-page-error kind of thing (like e.g. an SSL cert-failure error page) rather than a dialog. "There's nothing here. We detect <script> tags on the page, so you probably need to [enable Javascript]. Don't do this if you don't trust the site, though—you disabled Javascript for a reason!"
Basically, a heuristic browser-chrome view in place of what used to be a site-author's <noscript> view.
I think it's fine to have these options as extensions or even inside about:config, where the user would never disable by accident.