Are JavaScript comments considered a security risk when are in production code or is it a bad practice?
In a simple website, with JS + HTML + CSS without any framework or library, how can they be removed?
Comments is not considered as security risk, but it's make your website heavier. If your website is heavy, and slow it can be usefull.
You can use UglifyJS2 for minify, remove all useless things