
Does anybody else block fonts? Not only is it wasteful for my mobile data plan, but I just have this suspicion that sooner than later they will be used as a vector for some kind of security issue.


Faster rendering, no layout jumping, heck yes. I block them on every platform, but it's especially helpful on mobile.


I just set browser.display.use_document_fonts to false. This sometimes leads to problems for websites that want to use symbol fonts, but I don't mind that. If I use that website frequently I might write some user script to replace the weird letters with better letters, but that's rare.


> I just have this suspicion that sooner than later they will be used as a vector for some kind of security issue.

You mean like being rendered into a canvas to get a high-entropy fingerprint of your device?


TrueType implementations need to include an interpreter for a Turing-complete language (the hinting language). More about vulnerabilities:

1. https://security.stackexchange.com/questions/91347/how-can-a...

2. https://threatpost.com/of-truetype-font-vulnerabilities-and-...

3. https://googleprojectzero.blogspot.com/2015/07/one-font-vuln...
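Added example, not part of the thread or any commenter's code: a small Python inventory of the tables in a raw TrueType (sfnt) file that feed the hinting interpreter mentioned in the comment above, so you can see whether a given font ships hinting programs at all. It assumes an uncompressed sfnt file (WOFF/WOFF2 web fonts would need unwrapping first); the function names and the sample bytes are constructed for illustration.

```python
import struct

# Tables consumed by the TrueType hinting interpreter. Per-glyph instructions
# stored inside 'glyf' are not counted by this example.
HINTING_TAGS = {"fpgm": "font program", "prep": "control value program",
                "cvt ": "control value table"}

def list_tables(data: bytes) -> dict:
    """Parse the sfnt table directory and return {tag: (offset, length)}."""
    if len(data) < 12:
        raise ValueError("too short for an sfnt header")
    version, num_tables = struct.unpack_from(">IH", data, 0)
    if version not in (0x00010000, 0x74727565):  # 1.0 or 'true'
        raise ValueError("not a TrueType-flavoured sfnt")
    tables = {}
    for i in range(num_tables):
        rec = 12 + 16 * i  # 12-byte header, then 16-byte table records
        if rec + 16 > len(data):
            raise ValueError("table directory runs past end of file")
        tag, _checksum, offset, length = struct.unpack_from(">4sIII", data, rec)
        if offset + length > len(data):
            raise ValueError(f"table {tag!r} points outside the file")
        tables[tag.decode("latin-1")] = (offset, length)
    return tables

def hinting_summary(data: bytes) -> dict:
    """Return {tag: byte length} for each hinting table present."""
    tables = list_tables(data)
    return {tag: tables[tag][1] for tag in HINTING_TAGS if tag in tables}

def build_sample() -> bytes:
    """Constructed minimal sfnt container with placeholder table bytes (not a usable font)."""
    payloads = [(b"fpgm", b"\xb0\x00\x2c\x2d"), (b"head", b"\x00" * 8),
                (b"prep", b"\xb0\x01")]
    header = struct.pack(">IHHHH", 0x00010000, len(payloads), 0, 0, 0)
    offset = 12 + 16 * len(payloads)
    directory, body = b"", b""
    for tag, blob in payloads:
        directory += struct.pack(">4sIII", tag, 0, offset, len(blob))
        padded = blob + b"\x00" * (-len(blob) % 4)  # tables are 4-byte aligned
        body += padded
        offset += len(padded)
    return header + directory + body

if __name__ == "__main__":
    print(hinting_summary(build_sample()))
```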


How do downloadable web fonts help with that?


As much as is possible, I configure browsers to display my preferred font in my preferred size.


I had a plug-in to do it but just discovered Firefox has a setting to disable custom fonts.



