But the JS is served to the browser each time the page loads, you can’t be sure it stays the same between loads. Sure, this is the same problem as malicious updates, but still exaggerated - the opportunity to slip in altered code is “every time you open the page” rather than “every update”. Plus much more convenient to do targeting.
Yeah, but quite a few of them DO accept crypto - then it’s fine I guess?