Well, I am sorry you got such an impression.
I am absolutely not trying to minimize their concerns, and frankly, I have a concern of my own about the forum. I noticed that not all scripts are served directly from the forum, e.g. the Stripe scripts.
I feel like that is bad practice and that the user should be questioned whether to allow loading them or not, since they are unnecessary for the forum to work.
I would worry less about the scripts coming directly from the forum and scripts required for functionality of the forum because Discourse is free and open-source software. But indeed, if the forum somehow gets compromised, its scripts could be modified to implement some kind of user tracking or deanonymization techniques in such a scenario.
In all honesty, I am not quite sure what to respond with. I am neutral.
I do not deny the fact that JavaScript is being used for fingerprinting, however. Which you may take as an answer to your question, i.e. I do not disagree. But when it comes to malware, it is being written in other programming languages too, and perhaps much more than using JavaScript.