I agree there seem to be other options. But they all have fractal-edged interfaces to the legacy stuff, and you need to be careful about, as you said, script issues and vulns. That's the BrowserBox advantage - a fully modern, remote rendering system that can still be accessed from the legacy box, but securely. And easy setup. Admittedly, doing it the way you're doing is probably free - BrowserBox is not free - but it saves you lots of this delicate management of config, etc. Because the interface model is cleaner: just one HTTP endpoint that legacy browsers can actually access, streaming them fully modern browsing that's rendered elsewhere, securely.

I get the degradation to Gopher as a way to solve many issues, but many things just don't work there. And it may have its own vulnerabilities.