As far as I am aware hacking the browser via malicious Javascript is still a thing. I don't mind selectively enabling it for a particular website, but I absolutely hate how every site I go to serves up Javascript from 10 different URLs.
http://www.tomshardware.com/news/pwn2own-2017-microsoft-edge...
