Can, for example, Facebook.com run a version control script on my browser and find out if I am running altered HTML code with the use of a script?
Could that be done with a script that can read the HTML code in the cache and produce some kind of hash tag that is sent back to the server and compared with the code that was sent to the client?
Yes, in theory, a site can deduce the presence of scripts in various situations.
This is not foolproof and usually is way too much trouble for the negligible "threat" to the site. (Then again, some webmasters can be obsessive-paranoids about such things. ;) )
Some methods, depending on what the script does (in no particular order):
Gaming or auction sites can monitor the timing (speed and regularity) of "bid" clicks.
A site can AJAX-back the count of say, <script>
nodes, looking for extras.
Similarly, a site can AJAX-back any or all of the content of a page and compare that to expected values.
Extra AJAX calls, or AJAX calls that don't meet hidden requirements can be noted (and allowed to appear to succeed).
If the script uses unsafeWindow
in just the right (wrong) way, a page can detect that and even hijack (slightly) elevated privileges.
"Clicks" that were not preceded by mouseover events can be detected. I've actually seen this used in the wild.
A page's javascript can often detect script-generated clicks (etc.) as being different than user generated ones. (Thanks, c69, for the reminder.)
Ultimately, the advantage is to the userscript writer, however. Any counter-measures that a webpage takes can be detected and thwarted on the user end. Even custom, required plugins or required hardware dongles can be subverted by skilled and motivated users.