This is the logic the Tor developers went with when they decided to leave javascript enabled. Oh , new users wont know to turn javascript on if they need it and so much of the internet needs javascript and there are other ways to be attacked anyway. So they left javascript on to cater to the noobs, and the noobs got fucked by it since the people who know to harden their browsers turned it off manually. There is a line between easy to use and secure, and when people head too far toward easy to use they get pwnt. We should not cater our tutorials to people who do not want to be secure. If they want to be less secure than we know how to be, they can still be more secure than the average user. Using Whonix from Windows is much more secure than using the TBB alone. Using Tails could be seen as an improvement as well, and certainly would have been for users accessing FH when it was pwnt. Users can pick their own trade offs, but we should always suggest the most secure solutions just like Tor Project should have had javascript disabled by default. People warned them months prior to the FH attack that having javascript on by default was going to lead to compromise of users and they always waved their hands talking about how people want to watch videos of cats on youtube.