Steps to reproduce the issue

JHtmlBehavior::keepalive() and the stats system plugin have dependencies to com_ajax to utilize them to perform their functions without any checks as to whether the component is even enabled. It'd be equally bad if someone uninstalled it. Code depending on this component should check for its existence as an optional extension and gracefully fail if it is disabled/uninstalled or implement a fallback solution.

Expected result

When com_ajax is disabled or uninstalled, code with dependencies to it should either gracefully fail with a clear warning or implement an alternative way to complete their actions.

Actual result

If disabled, the stats plugin completely fails with no noticeable error to the user (the only indication of trouble is in the browser's dev console when you see the 404 for its com_ajax call). Likewise, if disabled, JHtmlBehavior::keepalive() should not use com_ajax for its AJAX call.

Additional comments

As a non-protected extension, com_ajax can be freely uninstalled and disabled. Prior to 3.5, I had been disabling com_ajax on sites as it wasn't in use (as I do with all sites and core extensions that aren't in use on those sites). By protecting the extension, it prevents uninstallation or disabling it in the UI.