Because webmasters use it to make:
- Popup windows and Popunders
- Windows presized to some size the user don't want.
- Windows with no functionality, ie. just a frame with contents.
- Full screen windows, again a size the user don't want.
- Forcing windows to front of the screen
- Taking over the status bar
- Alert boxes
- Browser sniffers
- Cursor following animations
- Guessing resolution (irrelevant and often wrong anyway)
- Used for links where a simple HTML link is sufficient
In a default security environment in a web browser you should always see warnings when abuseable scripts are about to be executed, this offers some simple protection. If a page or "zone" is given increased security privileges then some such content (if not all) may be executed freely. JScript may read/write/delete files, start any program on your machine e.g. format or a "Trojan" application. Outside of the context of a web-browser the Windows Scripting Host (WSH) allows scripts to be executed on your Windows machine that are just as damaging. Indeed the VBScripts that people associate with viruses like "I Love You" are executed via the WSH - JScript can be used to write equally damaging scripts.
An anti-virus application like Norton Anti-Virus should capture such scripts whether in or outside of a browser, a software firewall like ZoneAlarm will capture most Trojans and may offer script blocking as well. On the server JScript is used under the umbrella of ASP to build interactive web applications, where you mostly likely would desire to use these features. On the server these features may be abused if the server is breached or if the administrator has not configured the server correctly.