No Script is an incredibly useful add-on. In the past, I'd have given it five stars; it now gets only two (see issues below). All in all, I'd say it's still better to have it than not, but that's only because there is no better alternative, and there is no difference between having to completely disable it on a page versus not having it at all.

First of all, it would have gotten three due to the issues I list further down, but it gets two because of a major functionality problem that makes it obnoxious to use, and by its admission, not private in private windows.

In the past, when you set it to trust top-level domains, it would automatically set them to temp trusted; however, for whatever reason, it now sets them to "custom," for me, which functions the same as untrusted, and changing it doesn't even refresh the page for you.

The default setting handling is a huge inconvenience, but that is not where the problems end. You cannot restore previous functionality by manually setting the top-level domain to temp trust. To enable scripts on the page, you must set it to trust, which makes it permanently trusted, and keeps a log of every page you visit in private windows. If you try to change it to temp trust and refresh the page, it goes back to "custom."

Besides that, the description for the extension is outdated. Not only does it still mention Flash, but it also claims no loss of functionality when you need it, which is not true. In most cases, enabling some scripts will return the functionality you need, but there are several reasons why that's not always the case.

Sometimes, certain scripts you need will be on sub-domains of the top-level domain, and they need to be enabled separately; however, NoScript doesn't show them because it thinks they are part of the main domain, so you have no way to make the site work without completely disabling the addon for the page.

In other instances, sites won't load all the scripts until they load some other domains. For example, a CDN containing vital scripts might not appear on the list because it's called after an analytics script has run. There is no way to know that unless you enable each script on the list, one by one. The domain doesn't need to be related; it's just something about how the page loads.