I have a adspam-blocking hosts file and deliberately loosened the script security slightly because I'm making an Intranet. I always leave Javascript enabled.
Neither problem could lead to compromise of my system.
IOW I'm totally safe.
I'm on Windows 98SE, IE6.0-128 SP 1.
I have a custom set of security patches. I use Windows Update, tailored to my requirements.