Getting a bit more detailed about things, all client-side scripting is freely available to be seen by your visitors.
If you have clever scripting that's watching things like form values for potential exploits, it's possible that even though you'll catch some genuine attacks, there will also be the possibility of triggering on false positives. That gives unaware people the knowledge that you are actively checking, and some of those people will think to look at your script, which they have full access to, and will see your code that checks for all of the exploits that you know about. That then helps your visitor to know about exploits that they may not have previously known about.
tl;dr: Do not provide public access to what you want to keep private.