That's a tidal wave of account compromises waiting to happen. Not to mention JS worms that spread from post to post.
I guess unless you use some kind of JS sandboxing software like Google Caja or ADSafe. Still seems a bit risky, though. And lots of work to get right.
Edit: Oh. Caja is deprecated. But maybe Closure Toolkit? Anyway. Even if there are tools out there to make untrusted JS safer, I still think it'd be a lot of work to get right, and hard to know for certain if you have gotten it right until... well until it's exploited.