Most users don't really understand what they're giving up when they give up the option to run arbitrary code
As with privacy (Facebook privacy settings, cookie boxes), it's easy to bamboozle the general public with complexity and then interpret their confusion and (violated) trust as consent.
I will burn karma forever on continuing to assert, on behalf of the average user, that even if they don't understand the details they do know what they want.
It's not like people didn't have the experience of using Internet-enabled devices without an app store equivalent in the nascent days of the Internet, where many options were good, a few would inject malware onto your system, but (most importantly) all of the options were equivalent and there wasn't a "correct" one to choose.
Don't make the mistake of assuming that people spend so much on Apple products for no reason. A major portion of the marketplace likes the lack of choice paralysis. The ability to run arbitrary code is one giant choice-paralysis engine. Google has found a good middle ground in selling a device that is basically configured as "safe by default, but here's the break-glass button if you want to run arbitrary code and maybe be more vulnerable to someone tricking you into root-kitting your own device," but their average customer would still rather never worry about the risk of rootkits and they have the data to know that.
If we are to be in the business of protecting the right to free(-as-in-speech) machines in the mobile ecosystem, we need to understand the average consumer that is paying the bill for that industry to exist, and asserting they just don't get it isn't how you start that process.
This is one case though where that lack of understanding leads to the right conclusion. The average user is giving up nothing by losing the right to run arbitrary code, because they never were running arbitrary code.
JavaScript is allowed on iOS and Android already. So if Goole or Apple do not allow you to run some scripting language you want then the reason is not security(the sandbox and permissions should be enough and if is not enough then it means the sand boxing is a lie).
... which is, unfortunately, a weakness of F-Droid's own making (for the right reasons!). Because they don't do stat-tracking on users, they don't have numbers. So Play Store is able to claim "1 billion active monthly users" (as of 2015) with some certainty, F-Droid can give an approximation and a shrug.
Tweaking your wording slightly, it's basically the fundamentals of social contract theory.
I may have the freedom to bash my neighbor's head with a rock, but they have the same freedom to do the same to me. This isn't as useful as the freedom to sleep at night, so we voluntarily give up this freedom.
Reframing to the topic at hand: if the freedom to mutate the code on my mobile device makes it more likely that I'll get pwned by some clever social-engineering than the odds I'll improve my quality of life by tweaking some behaviors on the phone, then it's entirely rational for me to give up that freedom. And, indeed, millions of phone purchasers annually make that decision.
As with privacy (Facebook privacy settings, cookie boxes), it's easy to bamboozle the general public with complexity and then interpret their confusion and (violated) trust as consent.