Actually this is very interesting and should be fixed; not just here but in browsers, inkscape etc.. Not to disable JS entirely, but to sanitize it. I did not realize the use case of malicious SVGs until just now... http://www.securitytube.net/video/5533

Also - http://blog.jondh.me.uk/2012/09/inkscape-xml-entity-vulnerabilities/

Someone should make a very good PHP Sanitizing LIB for SVGs and the problem would be solved for everyone. :)