The security part is the reason I use NoScript to do this. We've all typo squatted sites we visit, I'm sure. But if I typo squat a site I frequently visit and see the JavaScript disabled, it forces me to recheck I'm on the right site. Granted it's only happened once where I didn't realize I typo'd until seeing it was disabled, but it only takes 1 time to lose everything...

Not sure the fingerprint concerns are too major for me either. Hopefully most scenarios, I'm flagged as a bot or crawler and out of some data that would otherwise have been collected. Who knows. I imagine that JavaScript makes up for way more fingerprinting though.

Here's a counter-argument to yours... disabling javascript can actually make you stand out like a glowing sun. Just like how ad-blockers can be used for fingerprinting, the fact that you're not loading any JS, or any resources it might have fetched, can greatly increase your fingerprint. Along with combining TLS fingerprinting, HTTP headers and HTML/CSS tricks you can still be singled out pretty well without any JS. The fact that you have JS disabled automatically puts you in a very small list of people, so not as many data points are even needed for an accurate fingerprint.

I prefer to block the bad scripts with uBlock/AdGuard and use the rest of them.

I've been doing this for a few years and eventually got tired of whitelisting websites. I've went as far as using NoScript for fine-grained control, but what's the point? If you need a single feature JS, or a single article on a domain, you will let everything run if you grant the permissions, so why bother?

Better keep JS on and run an up-to-date browser with a custom DNS to filter out known malicious websites. Also, don't visit random links, that's an actually good advice.

You'd end up whitelisting sob many sites that it makes this approach worthless in my opinion.

Instead I've settled on blocking scripts by default and whitelisting subdomains until the site works. It does require more time and effort, but it's probably the only way to meaningfully block parts of javascript apart from just not using that website.
Depending on how exactly you so this, you'll end up with a huge filter list. Mine in uBlock Origin has 245kB when exported.

NoScript

You're suggesting a whitelisting approach which I've used for a long time. But in the end, I I was so upset that most websites required me to enable JavaScript for their unique website because they would otherwise be broken. And I was only interested in blocking it for specific webpages so I ended up having a blacklisting approach which I recommend to keep some sanity, but that's my opinion :)

15-20 years ago, I'd have agreed with you. But apart from a select few news sites and exceedingly rare static sites, what percentage of websites most users use day to day actually function even minimally without JavaScript?

I'm convinced that in practice, most users would be conditioned to whitelist pretty much every site they visit due to all the breakage. Still a privacy and security improvement, but a massive one? I'm not sure.

Very happy to be convinced otherwise.

This combined with using a DNS over HTTPS or DNS over TLS that filters out things such as Control D is golden

They have several levels on their free DNS. Level zero has no filtering at all. Level one filters out known malware and shit. Level two filters out known malware and advertising. And level three does known malware advertising and social media.

Thanks for the heads up.