All browsers I’ve ever used that support Javascript in the first place have had the ability to disable it fairly easily. There’s an add-on for Firefox called NoScript that makes it easy to disable Javascript on a source-by-source basis. Javascript is a general-purpose programming language, and it’s a bad idea to ever assume you get to run arbitrary programs on somebody else’s system.
Moreover, you can’t rely on Javascript for security. It’s sent to the browser in source form, and can be altered on the browser without much difficulty. Javascript is entirely irrelevant to security.
There’s two ways you could be thinking of securing a client site. One is securing the connection with SSL, and that has nothing to do with Javascript. It requires obtaining a certificate (usually, with modern browsers, one you pay for from an accepted certificate authority) and setting it up.
The second is to validate the information the browser sends. There’s no harm in doing this with Javascript, since your web page can be more responsive that way, but if there is any security reason to validate input, it absolutely has to be done on the server. Any Javascript you send can be examined and changed by the person using the browser, and anything that can be sent by HTTP can be modified.
solved Can User disable javascript at client side ? is it possible? [closed]