You mention that the JavaScript console has been used maliciously – doesn’t its continued existence show that we can put up a fence that’s good enough? Even the most locked down corporate PCs still provide access to the console. I’ve also never heard of anyone being tricked into rooting an Android device or enabling USB debugging.
It shows just the opposite. These instructions were being provided to people who should never be opening the JavaScript console because they couldn’t understand what they were pasting into said console. And for some browsers, that means potentially opening up things like USB because of inane standards like WebUSB.
