Why is JavaScript allowed in my post content?
If you have the unfiltered_html capability then you can use JS. Admins and editors have this capability by default.
Personally I use a plugin for fine control of my users’ capabilities, but you can make this change easily in code:
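```php
// Remove the capability that lets a role save unfiltered HTML (including <script>) in posts.
$role = get_role( 'administrator' );
$role->remove_cap( 'unfiltered_html' );

// Editors have the same capability by default, so remove it there as well.
$role = get_role( 'editor' );
$role->remove_cap( 'unfiltered_html' );
```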
The capabilities are stored in the options db table, so technically you don’t need to execute this repeatedly. Maybe make yourself a small plugin and put this on the activation hook.
Don’t forget that admins could circumvent this by loading their own code and then directly editing the role options. I never let anyone have the admin role unless I’m happy for them to do anything.
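The small plugin suggested in the answer above could look like this. It is an added example, not code from the original answer: the plugin name, the `example_uh_*` function names, and the choice to restore the capability on deactivation are assumptions. It also re-checks the stored roles on each admin page load, so a role that has regained the capability is logged and corrected.

```php
<?php
/**
 * Plugin Name: Remove unfiltered_html (example)
 * Description: Strips the unfiltered_html capability from administrators and editors.
 */

defined( 'ABSPATH' ) || exit; // Refuse direct access outside WordPress.

// Roles that hold unfiltered_html by default on a single-site install.
// Custom roles that were granted the capability are not covered here.
const EXAMPLE_UH_ROLES = array( 'administrator', 'editor' );

/**
 * Grant or remove unfiltered_html on the listed roles.
 * Returns the names of the roles whose stored capabilities were changed.
 */
function example_uh_set_cap( $grant ) {
    $changed = array();
    foreach ( EXAMPLE_UH_ROLES as $role_name ) {
        $role = get_role( $role_name );
        if ( null === $role ) {
            continue; // Role was deleted or renamed on this site.
        }
        if ( $grant && ! $role->has_cap( 'unfiltered_html' ) ) {
            $role->add_cap( 'unfiltered_html' );
            $changed[] = $role_name;
        } elseif ( ! $grant && $role->has_cap( 'unfiltered_html' ) ) {
            $role->remove_cap( 'unfiltered_html' );
            $changed[] = $role_name;
        }
    }
    return $changed;
}

// The roles live in the options table, so one write on activation is enough.
register_activation_hook( __FILE__, function () { example_uh_set_cap( false ); } );

// Assumption: deactivating the plugin should put the WordPress defaults back.
register_deactivation_hook( __FILE__, function () { example_uh_set_cap( true ); } );

// Drift check: if the stored role was edited to regain the capability,
// remove it again and leave a trace in the PHP error log.
add_action( 'admin_init', function () {
    $fixed = example_uh_set_cap( false );
    if ( $fixed ) {
        error_log( 'unfiltered_html was re-granted and has been removed from: ' . implode( ', ', $fixed ) );
    }
} );
```

Anyone who can deactivate plugins or edit code can still undo this, which is the limit the answer describes for the admin role.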