So do it, and render the entire line of discussion pointless. This argument comes up often when discussing JS crypto, and while I agree it's silly for any system that actually has assets worth protecting--personal or financial info, for example--there are plenty of attackers that don't have financial motivation, resources, or knowledge, and just want to use the easiest crap available to them to mess with other users.