Your link basically says that less than 0.01 _percent_ of the top one million websites have webasm cryptocurrency mining. There is no mention of any security flaws. A webasm miner would just eat up a single core while the page is open.
This doesn't seem like much of a red flag to me. If one out of every ten thousand unique sites I visit uses one hypercore while it is opened that isn't going to keep anyone up at night.
On the other hand full video editors, image editors, CAD, 3D content creation programs, silky smooth 3D games, custom video codecs and more have already been made possible due to webasm. Not bad huh?
Not bad at all, for something that has been possible in Java, Flash, ActiveX, PNaCL before.
Thanks to service workers, the miner won't go away when you close the browser, as by default settings (which normal users don't even know they exist) service workers run on their own processes.
You say possible, but where were they? Actionscript never ran at native speeds or even close to them. These things were never seen in Java applets either.
Webasm + webgl is a potent combination. C and C++ libraries can be used directly instead of trying to squeeze fast matrix and vector math out of a Java JIT that needs special wizardry just to avoid heap allocating everything.
And let's not forget that you implied that someone had to be careful of what sites they visited when it is actually a case of 1 in 10,000 sites carrying mild consequences and not security exploits.
I get that you love Java and don't know modern C++, but denying reality doesn't change reality.
https://www.infoq.com/news/2019/10/WebAssembly-wasm-maliciou...