Nowadays it's impossible to support the creators you enjoy online by whitelisting ads without exposing your device to multiple megabytes of untrusted, vulnerability-filled JS and iFrames with links off to malware sites.
I think that the sponsorship model many YouTubers use these days works really well, because there isn't any code involved that I have to run.
I don't remember "untrusted JS" being any sort of problem in the last, say, 10 years?
Now I'm sure you can dig up some vulnerabilities, and a select few of them may even had (remote) exploits. But I've never run into any problems, and I'm not especially careful, have been around the seedy underbelly of the web, and don't run any anti-virus. Just not clicking on any .exe that suddenly downloads seems to be enough. Being on MacOS rather than Windows may also help, although as far as I can tell, security on Windows today is also far far better than it was a decade or so ago.
Considering all that, I can't shake the suspicion that people complaining about JS vulnerabilities to defend their use of ad blockers are just searching for justification.
Yeah, there's a few YouTube creators and a few coders I've added to Patreon from time to time. I'd much rather toss someone a dollar a month than watch a dollar worth of ads, where 70 cents goes to a FAANG company.
I think that the sponsorship model many YouTubers use these days works really well, because there isn't any code involved that I have to run.