At least in so far as the higher level (DOM, browser runtime) and lower level (memory access, to the extent that it's mediated by the WASM VM) have no security issues...

The VM itself is pretty tight, but abstractions have a nasty habit of being leaky.