I find it very strange that you see minified, basically completely unreadable JS as better than C (straw man, it's actually "any programming language") and assembly.
If we aren't being disingenuous, it's "any language you want versus JS" and "minified, obfuscated JS versus assembly".
The web has a free software problem (either that, or native code has a free software anti-problem because distributing portable precompiled code is so hard), but I find minified JS no more or less acceptable, as a language to read, than assembly generated from an optimizing compiler.
That said, minified JS on the web runs in a sandbox with a sane security model (yes, browsers don't implement it 100% right, but at least there's a model there). Optimized native code without source does whatever it likes to any file on my single-user machine, and we're expected to be okay with that (cf. https://xkcd.com/1200/). If I'm asked to choose between running one of the two, my vote is with the web app, no question.
I wonder could all WebAssembly code be shipped in secure containers and make it run similarly to how Google sandboxed the whole Android framework inside of Chrome OS?
Is the security of WebAssembly worse than that currently? Or is it somewhat similar?
Yup. As someone who can't tell an angular from an angle grinder but has read the ABI specs for every platform I use... the web does a lot of things right, and native code and assembly is where we see ourselves tethered to the bad design decisions of over four decades ago.
native code is not the problem... there are many libraries that abstract over platforms just like the web does.... the problem is people who make software that does not abstract away platform specifics
If we aren't being disingenuous, it's "any language you want versus JS" and "minified, obfuscated JS versus assembly".