Arguably they should not be there to begin with, but this has affected at least two extensions, so probably worth dealing with here:
T105924: Graph extension should exclude scripts tags so they will not be parsed by TextExtracts
T107170: Flow: Data Model JavaScript, including tokens, appears in TextExtracts and HoverCards
It's not always a security issue, but always a UX one.