This whole episode is giving me flashbacks to the ActiveX days.

The tyranny of the default.

“Here mum, I’ve installed Firefox for you, it’s better than Chrome in every way!”
“My knitting circle website doesn’t work, I can’t download patterns, it says I need Chrome”

Internet Explorer was effectively abandon-ware for a decade after Microsoft used their OS pseudo-monopoly to crush Netscape.
It took another tech giant abusing THEIR monopoly to relegate IE to the trash heap it should have already been on.

Comforting and Terrifying.
Comferrifying?
Terriforting?

So you won’t use your banks website?
Or your utilities (gas/water/electricity/internet)?
You won’t let your kids use the portal at their school for submitting assignments?
Your government sites for renewing your drivers license or scheduling hard refuse pickup?

I can think of lots of reasons that will force me to have chrome installed if this goes ahead.

The first 90% of the task takes 90% of the time.
The last 10% of the task takes the other 90% of the time.

JavaScript (TypeScript) has access to cookies (and thus JWT). This should be handled by web browser, not JS. In case of log-in, in HTTPS POST request and in case of response of successful log-in, in HTTPS POST response. Then, in case of requesting web page, again, it should be handled in HTTPS GET request. This is lack of using least permissions as possible, JS should not have access to cookies.

JavaScript needs access to the cookies, they are the data storage for a given site.
To protect them, the browser silos them to the individual site that created them, that’s why developers haven’t been able to easily load cross domain content for years, to mitigate XSS attacks.
The security relies on the premise that the only valid source of script is the originating domain.
The flaw here was allowing clients to add arbitrary script that was displayed to others.
You’re dead right that only the way to fix this is to do away with JavaScript access to certain things, but it will require a complete refactor of how cookies work.
I haven’t done any web dev in a few years, this might even be a solved problem by now and we are just seeing an old school implementation. 🤷

Threads will mainstream threads.
Any good content here will be available to the Threads users, who will be oblivious to where it is coming from.
Eventually, Meta will take steps to break compatability, and lots of the most prolific contributors from here will move to Threads exclusively (for a host of valid reasons).
When it is no longer in Meta interest to federate, they will stop.

The fediverse will continue, but it will be weakened by it’s temporary reliance on Threads (who could afford to host large images/videos/etc, have lower latency, etc etc).

Individual instance owners can do literally whatever they like.
Put up ads.
Charge a subscription.
Anything.

Let’s say instance A is hosting a community that everyone on instances B and C love to participate in.
But A want’s to earn some money so they start charging access to their local users.
This doesn’t effect users of B and C at all, because the data is federated.
The owner of A get’s grumpy and defederates B and C.
The users on B and C find somewhere else, either on one of their instances, or on D.

Everybody wins.