People in general HATE to be FORCED to do anything so trying to enforce a better way MAY be like shooting yourself in the foot.
That mimics my thoughts on it, one of the whole ideas of Elementals was to NOT change how the underlying language works, and to just provide missing functionality, expand what can be done, and to provide more useful DOM creation tools.
It's the sort of thing that's made "use strict" and the Content Security Policy have slow adoption... or in the case of the latter people disabling so many parts of the CSP it defeats the point of enabling it.
Locking off "bad" parts of JavaScript goes against the very first objective. Best I can hope for is to just keep screaming at people "STOP USING THAT CRAP!"
It's just something I realized I COULD do, but the more I think about it the more I realize I SHOULDN'T. There are a LOT of things you "can do" that you really shouldn't.
-- edit -- I also think the experience why my most recent client coloured my opinion. I HATE going into someplace like a banking portal and finding gaping security holes... like innerHTML being used on user-input data.
Or in this case, their loading a WYSYWYG editor for their contact form that also accidentally hooked the login form for some derpy password formatting validation... with innerHTML.