For the sites that do need the scripting, Steve recommends adding them to list of trusted site EXPLICITLY, one by one, site by site. This way, only the sites you use and are interested in will get any chance of running code within you browser.
This is very good idea, but has two weak points. First is that it is Internet Explorer and Windows only technique. True enough - combination of Windows users with IE defines the most virus/malware sensitive group of the Net population, but many exploits are impacting Firefox users as well and in Firefox, the zone technique does not work. The second problem is that your list of trusted sites is machine specific. If you are using multiple computers, you will have repeat the process of granting trust to your sites on each of them. I am afraid that few users will have the stamina of doing it ... Even with single computer, it requires patience of a saint.
As many times before: when there is a trade-off between security and convenience, guess what will win ?