I think taking this sentiment to its conclusion is a bit more of a drastic change than that.
It would mean the end of the web, not a return to its beginnings. You wouldn't be dealing with marked-up text, you'd be dealing with binary files (text markup, of course, being a subset thereof). The internet (and whatever emerged on top of it to replace the web) would then be concerned with content, sharing, and identity management only, and applications would be built on top of that.[1]
The trick, as you said, is how to securely run untrusted code. That's what the web (well, I suppose more technically, browsers) are trying to solve; the problem is that the same origin policy, which is at the core of web security, just doesn't work very well. There are a lot of examples where this breaks; here are three off the top of my head:
1. Tracking using javascript to look for unique browser identifiers
2. XSS, CSRF, etc
3. Legitimate cross-site communication
So clearly our existing solution to the "how do you securely execute dynamic, untrusted code" problem isn't cutting it. There's a lot of research (and production code, for the record) going into potentially better approaches though, so I think it's likely we'll see change, if we can get past the inertia behind today's hairball.
[1] Incidentally this is exactly the approach we're taking with implementations of the Muse protocol (https://github.com/Muterra/doc-muse), which uses encryption to provide private content/sharing/identity management on untrusted servers.
It would mean the end of the web, not a return to its beginnings. You wouldn't be dealing with marked-up text, you'd be dealing with binary files (text markup, of course, being a subset thereof). The internet (and whatever emerged on top of it to replace the web) would then be concerned with content, sharing, and identity management only, and applications would be built on top of that.[1]
The trick, as you said, is how to securely run untrusted code. That's what the web (well, I suppose more technically, browsers) are trying to solve; the problem is that the same origin policy, which is at the core of web security, just doesn't work very well. There are a lot of examples where this breaks; here are three off the top of my head:
1. Tracking using javascript to look for unique browser identifiers
2. XSS, CSRF, etc
3. Legitimate cross-site communication
So clearly our existing solution to the "how do you securely execute dynamic, untrusted code" problem isn't cutting it. There's a lot of research (and production code, for the record) going into potentially better approaches though, so I think it's likely we'll see change, if we can get past the inertia behind today's hairball.
[1] Incidentally this is exactly the approach we're taking with implementations of the Muse protocol (https://github.com/Muterra/doc-muse), which uses encryption to provide private content/sharing/identity management on untrusted servers.