First of all editors will only have permission to do things that have been agreed by several others to need doing. Which limits damage largely to a limited number of nodes right there.

Secondly any damage done is readily undone. (The same principle that allows Wikis to survive despite having virtually no security checks.)

Thirdly if an editor ran amok (either through going off the deep end, or through someone stealing a password), it would quickly become both obvious and investigated by vroom.

Fourth the people who would be in a position to know about and try to take advantage of careless editors are mostly themselves members of this community. So they are people with something to lose.

Fifth, I could show up as Anonymous Monk and cause vastly wider damage to the commmunity than I could as a rogue editor. Indeed if someone wants to waste energy getting an editor account instead of just causing damage, I think that is a good thing.

All of that said, I think that turning JavaScript off is a great idea. I turned it off a long time ago from home. I have turned it off from work as well. I don't really want someone else to login and start posting as me or sending nasty chatters...