This is related to but different from T71445: Implement a proper code-review process for MediaWiki JS/CSS pages on Wikimedia sites. That is about the MW namespace.
There are many pages in project space like https://en.wikipedia.org/wiki/Wikipedia:WikiProject_User_scripts/Scripts/CloseAFD.js . People can import these, but they don't run for every user and are not available in preferences.
These are imported directly, so currently editable by everyone who can edit articles. This problem was recognized long ago, and people have been protecting them manually.
We should prevent those pages from being served as JS (both by using text/plain or similar content type, and with nosniff)
[Old suggestion removed; see history]