Like Bryan says, tracked links in Marketo require JS. You can run your own tracking server to avoid this, but the reality is most people don't really tailor their Landing Pages/CTAs for noscript users. If your team does, then it would be worth it, but think through whether it would be beneficial to have people reach the very next page w/out JS.
One thing that's notable is you never set up a branded tracking domain: you're using the default mkto-nnnn.com. If you set up a branded domain (in Marketo Admin and in your DNS) then the tracked links will be at a subdomain of your own corporate domain, so if someone has previously whitelisted that domain they will be able to execute JS.
As per your screenshot you have not setup your branded tracking domain and used Marketo's default url for the CTA which is recognized as suspicious by browser when you are clicking on it and it is showing the alert.
It's the opposite. If you block JS, you will not be redirected after going to the tracking domain, because getting from the tracking domain (branded or not) to the original destination URL requires JS.