Do not grant JavaScript execution permissions to a web view unless absolutely required.
Web views are containers for regular web pages, and as such have very similar considerations for security.
There is always the risk of a security flaw being found that would allow an attacker to execute malicious code within a web view.
WebView webView = someView.findViewById(R.id.some_web_view);
// Only do this if you absolutely need it!
webView.getSettings().setJavaScriptEnabled(true);
Sometimes, executing JavaScript on a web view is unavoidable, and it is reasonable to enable its usage in such cases. However, take care to ensure that there is no way for an attacker to introduce their own scripts into the web view.
Use libraries such as OWASP's ESAPI to sanitize any input or output from the web view, and ensure that the user cannot directly control any data that is shared between the app and the web view.