You could always send information using javascript by loading images, hidden iframes etc. (You would not get a meaningful response though). This applies to dark old days even before JS..
Great point. Lately we have been reconsidering the request manager matrix shown in gngr. It was inspired by HTTPSwitchBoard's matrix, that has a separate column for XHR.
However, like you pointed out, there are other ways than XHR to leak data if JS is enabled.
If JS is not enabled, the kinds of data that can be leaked is fewer (perhaps screen resolution and size).
