I am wondering if it is a good idea to rely on frameworks like jQuery or MooTools or should we just use plain JavaScript?
Apart from avoiding the re-invention of wheel, do they add any specific value?
Since the frameworks are open to the public, can there be a possibility of exploitation of any security holes that might appear (of course, unintentionally :) ) in the frameworks?
Are there any other points that are to be considered when choosing a framework or otherwise?
I don't give great weight to the "Open Source is extra-vulnerable to security issues" argument. I see benefit of many Good Guys reading the code and spotting such problems. If this were an issue then we'd need to discard Linux, Apache, MySQL, and most of the Java libraries.
Frameworks generally save a very great deal of effort, I see them precisely as a pre-invented wheel. They don't need any other value.
I have never used MooTools so can't comment on that, but jQuery makes a lot of things easier.
There are a lot more, but it generally simplifies/accelerates development. One thing to watch out for is if you are using a ton of selectors in a single function (loop that iterates over the DOM 40+ times) it is waaay more efficient to use vanilla JavaScript.
So my advice would be to code the front end with the aid of a framework and then optimize the underperforming parts by subbing in vanilla JavaScript.
Also, I don't see how jQuery or MooTools could be a security threat as they are client side frameworks, not server side. Remember to always validate inputs on the server side in addition to any client side validation and to properly parameterize SQL queries that are constructed on the server side.
The frameworks provide a cross-browser API for JavaScript, so most of the time they are very useful even though they come with a little speed loss. But the JS engines get faster almost every update so that's not really a problem. There are also very many plugins for the frameworks so they not only provide an API but also new cross-browser features. But it depends on what you want to do.
Frameworks solve cross-browser bugs which normally would cost hours of your time, so you can focus on functionality instead of worrying about some edge case browser bug. Instead of wasting 4-5 hours solving a bug, spend that time with your family.
Frameworks such as jQuery are pretty loaded with stuff like animation, selectors, html manipulation so there's usually some sort of functionality already built into the library, again saving you more time and the API makes it really easy to actually accomplish complex things.
Interpreters and browsers are only getting faster and faster so I don't particularly think it's a huge issue loading an entire library up. In addition, thanks to Google et al., we get very fast CDNs and nowadays lots of sites are using the same exact URI to pull the script in, meaning there's a higher rate of the script getting cached and reused on another site.
Instead of every single web developer having their own library it's much more efficient having thousands of people concentrated to bettering a handful of libraries so cross-browser bugs get documented and fixed.
Competition is a good thing: the slickspeed tests resulted in much faster selector engines such as Sizzle. Developers not having to worry about trivial DOM bugs means more complex libraries are created daily, which means entry-level developers have access to very powerful plugins.
As far as security, jQuery for example will detect if the browser is capable of parsing JSON natively and if so, rely on that. Usually any modern browser will have this, and it's much safer than eval... so jQuery strives to use the safer and more secure methods first. It will only use eval if there isn't a JSON.parse method available. An important thing to remember in jQuery though is remembering you're still coding in JavaScript. Usually people get too caught up in the sugar coated methods and wrapping everything in $, I think it's important to know you can still do this.href instead of $(this).attr('href') if you would like an absolutely normalized URI for example.
It depends on what you're using JavaScript for. If you want to be able to show and hide panels, animate stuff, attach events to multiple elements, do Ajax, etc. then you need to consider cross-browser issues.
jQuery eliminates the need to think about cross-browser issues and allows some really neat functionality like the above and also modal dialogs, etc.
So it depends on what you want from JavaScript.
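The JSON.parse-versus-eval point made in the earlier answer, shown as an added example that is not code from any answerer or from jQuery itself; hasNativeJsonParse, parseUntrustedJson and the sample strings are all constructed here for illustration:

```javascript
// Added example (not jQuery's own code): a jQuery-style capability check for a
// native JSON parser, and a strict parser that never falls back to eval.

// Is a native JSON parser available in this environment?
function hasNativeJsonParse() {
  return typeof JSON === 'object' && JSON !== null && typeof JSON.parse === 'function';
}

// Parse untrusted text as JSON data only. Returns { ok, value } or { ok, error }.
// Deliberately no eval fallback: with no native parser present, fail closed.
function parseUntrustedJson(text) {
  if (!hasNativeJsonParse()) {
    return { ok: false, error: 'no native JSON.parse available' };
  }
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (e) {
    // JSON.parse throws SyntaxError on anything that is not strict JSON
    return { ok: false, error: e.name };
  }
}

// Constructed sample response bodies, as an Ajax success handler might see them.
const SAMPLES = {
  // well-formed data: accepted
  good: '{"user":"alice","roles":["reader"]}',
  // JavaScript code appended after the data: strict JSON.parse refuses it,
  // which is the property that makes it safer than an eval-based parser
  expression: '{"user":"alice"}; (function () { return "ran"; })()',
  // single quotes and a bare identifier are valid JS but not JSON
  sloppy: "{'user': alice}",
};

// Run every sample through the strict parser and report the outcomes.
function checkSamples() {
  const out = {};
  for (const name of Object.keys(SAMPLES)) {
    out[name] = parseUntrustedJson(SAMPLES[name]);
  }
  return out;
}
```

Only the first sample is accepted; the other two are rejected with a SyntaxError rather than being evaluated.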
Do not downplay the importance of avoiding the re-invention of the wheel. You don't invent a new computer each time you want to write a new program.
But apart from that, JavaScript libraries provide better cross-browser support. This is extremely helpful, as a quick look at QuirksMode will demonstrate.
JavaScript frameworks make many things easier. Look at the jQuery documentation and you will see how easy it is to do many fancy things.
JavaScript frameworks have been extended by many people, so there are many high quality jQuery plugins (for example — it's the framework I know the best) that you can use without having to write them yourself.
It is unlikely that JavaScript frameworks would introduce security holes, as they don't expose any more functionality than what you can do with plain JavaScript.