Re: "Google may be OK with this but ultimately it's a big risk for them"
@Tom38,
Right, but we aren't talking about reality at the moment, someone posited the thought experiment "If JS was to disappear, companies like Google would be up shit creek and they don't seem to acknowledge those risks".
It's more philosophical than that.
It's a bad thought experiment because either there is an equivalent language to replace it, in which case a Dart-to-new lang compiler would remove the risk, or that there are no more browser apps possible, in which case Google write a Dart-to-C compiler and deliver native apps.
The point is that "new lang" would also eventually succumb. The problem is that all interpreters / run-times, browsers, OSes and CPUs are mathematically certain to be flawed in one way or other. We as a species simply cannot generate provably flawless code or hardware, so it's not really an option. For example, until a couple of weeks ago everyone assumed that ASLR was a strong defence, but it got thoroughly trashed by a Dutch research group who showed that it could be unwound. In Javascript. In a Web browser. That's a major calamity.
Besides, we like fast-moving, new, dynamic stuff. To be provably secure means slow-moving, mature, never changing stuff. Shiny-shiny wins every time.
There's also the point that the introduction of "new lang" would simply expose a whole load of new-out-the-box flaws that will inevitably plague a new pile of code. Just like Javascript did initially.
The only sure solution to the problem of dynamic web pages is to forget about client side execution in the browser altogether, and replace it with a Turing incomplete remote display protocol for code running server-side. A bit like HTML used to be. A bit like X server protocol, and (AFAIK) RDP, VNC, etc. We're not very good at implementing such protocols problem free either (buffer overruns, etc), but it's a much easier challenge.
If we don't go down that route then we're condemning ourselves to having to re-write the whole Internet every time our latest Web browser client side execution environment becomes too dangerous to use. Based on our experience in trying to expunge Flash from the world, it'd be very hard to replace Javascript.