On wikivoyage, if you go to a page with a map, and click on layers icon top right, and click "nearby articles" or click on the nearby articles icon in top left, the js will load and execute a script from toolforge (https://tools.wmflabs.org/wikivoyage/w/data/en-articles.js?_=1581320319100 ). The script is basically just data and maintained by wikivoyage community members. (However all the infrastructure around this script is part of the Maps extension, so its not really a gadget)
So beyond the normal complaint of something semi-prod depending on toolforge, it is really unfortunate that this is executing the script instead of just loading it as json data. At the very least could it be changed to be json, so that the people in control of the toolforge account can't arbitrary inject javascript for anyone using this feature?