Hacker News

what's the use case? Circumventing code insertion filters?


Yes, and dually, demonstrating to people that their code insertion filters are inadequate. You may know better, but there's still a lot of people in the real world who try to "sanitize" JavaScript with things like "Remove all ()[]'";" and think they're security masters whose code is unassailable.

That last bit isn't snark; it's my personal experience.

As mentioned in the article, there are filters in the real world that will be penetrated by this.


Pretty much - the first paragraph links to an example of this technique being used to exploit Uber's developer documentation - http://blog.portswigger.net/2016/04/adapting-angularjs-paylo...



