What was the rationale behind this decision?
A very good answer! I'm curious about one thing - your answer implies that NoScript by virtue of being installed can prevent some attacks. Am I reading that correctly? I thought NoScript was a simple boolean deny on domain X, allow on domain Y kind of extension.
You are reading that correctly, Samuel: NoScript does more than the name suggests! It is able to block other content such as Java and Flash and has XSS countermeasures, among other things. The web site gives a good overview: http://noscript.net/features