If there are good reasons, then I totally agree, we should allow them to use whatever API is needed on the Principal. The goal of the 'Removing GetURI from Principal' project is also to create a better mental model around security checks, and in particular around the (ab)use of folks querying the URI and doing their own little dance for performing security checks, which is obviously semi-optimal.
To answer your question, there is no difference between C++ users and JS users; both can make the same mistake. The reason we added [noscript] was because there seemed to be no use case on the JS side and we want to shrink the API on the principal as much as possible. Now there is apparently a good reason to remove [noscript] again - at least now we know that use case.
Happy to r+ a change where we remove [noscript] again.