No Script allows JavaScript, Java and other executable content to run only from trusted domains of your choice, say your home-banking web site, and guards the "trust boundaries" against cross-site scripting attacks (XSS). This is the most important feature of this.
Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality…