Your own source proves me right:
In addition to being nonfree, many of these programs are malware because they snoop on the user.
My framing of their position on security might’ve been a bit oversimplified, but the point is that they’re making exaggerations and generalizations about the security of software purely based on the license of the software, and then recommending users entirely avoid non-free software for that reason.
They perpetuate this same misconception in other ways as well, such as their endorsed GNU/Linux distributions which exclusively promote insecure Linux-libre distributions. Again, they do this while calling most proprietary software malware and suggesting people avoid it for security reasons. There are many more examples I could give but I think I proved my point well enough.
I’m critiquing your underlying reasoning behind recommending this extension, which is that non-free JS should be blocked and that free JS should be allowed for privacy or security reasons. If it’s obvious to you that this is a flawed approach, it makes no sense to create this suggestion based on reasoning you yourself disagree with. Perhaps one of us is misunderstanding the other?
Not everything which meets the minimum criteria gets recommended, that’s why we have discussions about whether something is necessary and whether it has pros and cons. But yes, incompatibility with Chromium isn’t a deal-breaker. I’m just comparing it to what is already recommended and what alternatives could be better if for some reason something like this were to be added as a recommendation.
All recommended browsers do not block scripts by default, doing so would require manual intervention from the user one way or another. Either by changing a setting or installing an extension which does so by default. The reason this is worth mentioning is because we should avoid recommending extensions if they’re not strictly necessary, as explained in the extensions page you linked to:
In general, we recommend keeping your browser extensions to a minimum to decrease your attack surface. They have privileged access within your browser, require you to trust the developer, can make you stand out, and weaken site isolation.
However, some provide functionality which can outweigh these downsides in certain situations, particularly when it comes to content blocking.
Don’t install extensions which you don’t immediately have a need for, or ones that duplicate the functionality of your browser. For example, Brave users don’t need to install uBlock Origin, because Brave Shields already provides the same functionality.
If we can agree that blocking or allowing JavaScript based on its license is out of scope for Privacy Guides (as it is at least a somewhat flawed approach to security), then the main consideration is whether we should recommend blocking JavaScript by default or not, which can be done with the already recommended browsers/extensions.
Blocking JavaScript is already sort of recommended, for example it’s listed as optional in the Brave Shields section. We could have a discussion about whether that recommendation should be displayed more prominently for other browsers, but because of how much it’d inconvenience users I don’t see it ever becoming fully recommended. At most we could make more mentions of it as being an option to be aware of.