So you've been looking to make your experience on the site a bit more interesting. You find a script, and run it without looking at it. At this point, you've already practically given your account to whoever wrote it. Common sense and rational thinking can help you a lot when deciding which scripts to use and which scripts not to use. Here, I'll highlight some ways to tell what a script is doing and what it isn't doing
ChatJS scripts are the most common scripts you'll find. They often add very useful features, like add nicknames you can change, or hide annoying users (written by me!). Some could do things that aren't too great though. For example, some scripts could, in fact, steal your session cookie (which I'll refer to as "session") or your chat authentication token (which I'll refer to as "chatauth"). Your session is how SmileBASIC Source knows that you are logged in, and if someone was to steal it, they could use it to get your email or other information you have on your account. The chatauth, on the other hand, allows someone to connect to chat as you, which could get your account banned if they do something malicious with it. Scripts that do this kind of thing will likely have references to either sending either document.cookie or chatauth with genericXHR or XMLHttpRequests. If you see a script like this, and it's from someone you do not trust, do NOT add it to your chatJS. Instead, ask a developer on the site that has ChatJS experience. Examples include 12Me21, myself, or Y_ack. We can likely tell you if something isn't right with the code, and we can stop you from getting your account messed up.
SiteJS scripts are much more rare, and usually aren't shared. You likely want to be even more careful with this type script. A malicious script can really mess up the site, hiding things, faking logout to steal your password, or more. If you see ANY script that tries to access document.cookie, don't try to run it. You'll risk your account this way. You can do malicious things with ChatJS, but that's only restricted to the chat. SiteJS scripts are run on every page on SmileBASIC Source, and can do a lot more damage.
Help! I installed a malicious script and I can't access the JS editor to remove it! What do I do?!
Everyone makes mistakes. If you accidentally installed a bad SiteJS, go to http://smilebasicsource.com/editor?type=site&nositeJS=1. It will disable the loading of SiteJS and allow you to get to the editor to remove the script. Once you're done of that, make sure to report it to one of the site admins so they can take some sort of action.
Now you should be a *JS pro! If you have any further questions, feel free to ask in the comments. I'd be happy to help!