The only compelling argument for removing javascript execution from the urlbar completely is that users may still be tricked into pasting bad scripts, they'll just have to type a letter or two before hitting enter--"Check out the super secret awesome page! Paste this in your browser then press the Home key and type ja and press enter: vascript:badstuff()". Since the hypothetical naive user thinks the urlbar is only for urls, this could be a successful attack vector, but I'm not so sure it would be.
In any case, I'm perfectly fine with having a default-false boolean pref. This allows for developers to enable it, and it mitigates all the security concerns as it requires explicit opt-in. Bug 680302 is tracking adding such a pref.
Note: This is only tested on Linux, but should be identical on Windows and Mac, you'll just have to find where omni.jar is stored on those platforms and find tools to un/zip it (it's a PKZIP format file), and to apply universal difference files.
Edit: This process works for FF7 release, you just need to adjust the paths and use something like 10 fuzziness when applying the patch (patch -p0 -F10 < ...).
All platforms
Go to about:config and right click, add a new boolean preference named browser.urlbar.allowInheritPrincipal and set it to true. Shut down the browser.
sudo rm /usr/lib/firefox-6.0.1/omni.jar
sudo zip -r /usr/lib/firefox-6.0.1/omni.jar .
rm -rf ff6
Make a directory and extract omni.jar into it.
Apply the patch (from inside the directory).
Create a new zip archive named omni.jar with the contents of the directory you extracted to, and move this over the original omni.zip. Look inside both before moving yours over the original, to make sure they have the same directory structure.
Restart Firefox and you're back to being a normal, competent adult. :)
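
The directory-structure check from the last step, as an added example that is not part of the original post: a Python sketch that compares the file entries of the original and the rebuilt archive and reports what is missing, added or changed. The sample archives and their entry names are constructed for illustration and are not the real omni.jar layout.

```python
import io
import sys
import zipfile

def archive_index(data):
    """Map file entry name -> CRC32; directory entries (added by zip -r) are skipped."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: i.CRC for i in zf.infolist() if not i.is_dir()}

def compare_archives(original, rebuilt):
    """Return (missing, added, changed) entry names of rebuilt relative to original."""
    old, new = archive_index(original), archive_index(rebuilt)
    missing = sorted(set(old) - set(new))
    added = sorted(set(new) - set(old))
    changed = sorted(n for n in set(old) & set(new) if old[n] != new[n])
    return missing, added, changed

def build_zip(entries):
    """Build an in-memory zip from {name: bytes}; only used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed sample data: hypothetical entry names, not the real omni.jar layout.
FILES = {"chrome.manifest": b"manifest\n", "components/example.js": b"original\n"}
SAMPLE_ORIGINAL = build_zip(FILES)
# Rebuilt from inside the extraction directory, with one file patched.
SAMPLE_GOOD = build_zip({**FILES, "components/example.js": b"patched\n", "components/": b""})
# Rebuilt from the parent directory: every path gains an "ff6/" prefix.
SAMPLE_BAD = build_zip({"ff6/" + name: data for name, data in FILES.items()})

if __name__ == "__main__":
    # Usage: script.py ORIGINAL REBUILT (falls back to the constructed samples).
    if len(sys.argv) == 3:
        blobs = [open(p, "rb").read() for p in sys.argv[1:3]]
    else:
        blobs = [SAMPLE_ORIGINAL, SAMPLE_BAD]
    for label, names in zip(("missing", "added", "changed"), compare_archives(*blobs)):
        print(label, names)
```

A correct rebuild shows nothing missing or added, and only the file touched by the patch under "changed".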