If someone creates a page User:Foo/bar.js and someone else does importScript( 'User:Foo/bar.js' );, but there is no account named User:Foo, this is very dangerous as anyone can create User:Foo and take control of the script.
While it doesn't solve the problem entirely, banning loading such pages with text/javascript mime type (e.g. making http://mywiki.com/w/index.php?title=User:Foo/bar.js&action=raw&ctype=text/javascript return a 403) will discourage users from making this kind of mistake.