It is true it is a security risk, and it is true the gfx driver culture is not a culture of security.
Security risks can be overcome. The implementation can overcome risk, as Chrome and Firefox's secure implementations prove. So the fact the risk exists is not a complete justification for not supporting the feature at all.
Given that it conflicts with Microsoft's strategy anyway, the conclusion is the security concerns are used as an excuse rather than a reason.
And it doesn't even seem like a lot of people are actively leaning on Chrome and Firefox's WebGL implementations, so calling them "secure" seems a little premature.
Security risks can be overcome. The implementation can overcome risk, as Chrome and Firefox's secure implementations prove. So the fact the risk exists is not a complete justification for not supporting the feature at all.
Given that it conflicts with Microsoft's strategy anyway, the conclusion is the security concerns are used as an excuse rather than a reason.