Does Javascripting Weaken Security on an Intranet? Is it True or Not

I am developing an Intranet using a 3rd party software.  This 3rd party is telling me that if they enable Javascripting in their system that all of the web pages will be able to be accessed via  public browser and would be available for unrestricted public download making the system less secure.

First of all, can someone tell me if this is true.  If it it is true give me an example of how someone can access these web pages.  Can they go to google and get the web address for the intranet now?  If someone wanted to hack into the system now how would they do it?  The 3rd party did say that the directory would still not be able to be accessed even if javascripting was now enabled.

Can someone in explain this to me in a simple way.  How much of a risk is it?  Thank you.

mikesandraAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rich RumbleSecurity SamuraiCommented:
An intrAnet is internal, and won't be indexed by the likes of google, unless they allow access from the outside in... Enabling javascript does not make them anymore or less safe. Simply enabling it, in addition, does not mean that suddenly their pages are now going to public... private IP's (RFC 1918) are not publicly routable, so if their DNS doesn't change, then neither will their security... DNS will dictate weather the site/ip is public or private. JavaScripting can be used on internal pages to gather analytics that are sent to public sites, google analytics for example. When a browser runs Java, it's run on the PC, not the server serving the pages, so it's possible the private ip information can be sent to a analytics site, still it doesn't make them any less secure. They don't seem to be qualifing theirselves well enough.
If you were simply using javascript to create pop-ups or secondary information from mouse hovering or clicking, there is no outside interaction at all...
-rich

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mikesandraAuthor Commented:
Rich, thanks so much for your response.  Let me give you some more details.  The intranet I built (within this 3rd party software) has a bit of embedded flash in it.  Now because Microsoft lost a lawsuit you have to click on the web page to activate the page before interacting with it.  So, the only fix to this problem is to use Javascript.  Can you try to explain it to me again in a little simpler terminology so i can understand it better?  
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.