Not saying SharePoint has been secure previously. And the 365 ”no script” feature is a good one. Then you can create ”insecure ” sites.
But still to me I embrace that we have the option to block scripts as a first step. What Microsoft does next…let’s see