Re: They are running code in my machine without my explicit consent for their own benefit...
I agree that this is a simple matter of consent.
Most pages now have JS running, but this is mostly in order to do what the visitor is there to do (view/interact with the page). There is implicit consent, as vague as that might be.
In this, they are performing a scan of your private resources without consent. It would be easy enough for them to add a "we must scan your computer for security reasons" page before doing so, get consent, and even allow storage of that answer to avoid it in future.
If it's fine for the banks to do this without consent, it should be fine for security researchers (which, IMHO, it should). If it's not allowed for security researchers to do so without consent, the banks should need consent too.