Your intuition is right. MVC frameworks do not help individual hackers. Their purpose is to make it harder to do bad things. Making it easier to do good things is not a requirement.
On the other hand, it does look like good client-side JavaScript frameworks provide a competitive advantage, if used judiciously. I haven't investigated which is best yet.
"Their purpose is to make it harder to do bad things. Making it easier to do good things is not a requirement."
That seems like a pretty silly set of expectations for a framework. By virtue of making it easier to do things, you may eliminate a lot of bad things, but the goal really is to make it easier to do things. This might seem like splitting hairs, but you split the hair here, and I disagree with the conclusion.
On the other hand, it does look like good client-side JavaScript frameworks provide a competitive advantage, if used judiciously. I haven't investigated which is best yet.