[tor-talk] TOR Browser safety practices

[npdflr]

Tor browser already contains a NoScript addon allowing user to prevent certain scripts from running.

What is the worst case that could happen if a malicious script (Javascript, XHR, other) or a malicious cookie runs?
Apart from username, password which could be stolen, can other data be stolen/corrupted? Data like:-
1. Bookmarks
2. Browser storage: IndexedDB, DOM Storage
3. Files in TOR download folder
4. Data in the hard disk apart from the folders used by TOR. 
(Tor by design does not write any browsing activity like history, session etc to disk. So I think data in other parts of hard disk should be safe.)
5. Current data held in RAM