Disabling javascript increases security, and offers a little bit of privacy. Those are both separate from anonymity, but people conflate the three often.
For example, javascript can be made to do arbitrary websoccket or http connections to any ip/hostname your computer has access to — even local networks or localhost.
I use the browser extension Port authority to block it.
Of course, port scanning is used by ebay to scan users computers, and discord.
Disabling javascript prevents websites from tracking exactly what you do on each site, or what local ports you have open. This is definitely an increase in privacy, as it relates to hiding what you're doing. However, you noted it comes at the cost of anonymity, as you become uniquely identifiable.
Google put an API into Chrome that sends extra system info but only to*.google.com domains. In every Chromium browser.
Only vivaldi caught this issue. Brave had this api enabled, most likely on accident.
But the problem is, that chromium is just such big and complex software, when combined with development being driven by Google, it's just impossible for any significant changes or auditing to be done by third parties. Google is capable of exteriting control over Brave, simply by hiding changes like above, or by making massive changes like manifest v3, which are expensive for third parties to maintain.
Brave can maintain 1 big change to chromium, but for how long? What about 2, 3, etc.
My other big problem with brave is that I see them somewhat mimicking Google's beginnings. Google started out with 3 things: an ad network, a browser, and a search engine.
Right now, Brave has those same three things. It feels very ominous to me, and I would rather not repeat the cycle of enshittification that drove me away from chrome and goolgle.