Hacker News
by cyphar 2742 days ago
Yes, but being in the kernel makes it much faster, since you don't have to copy packets between user space and kernel space. It also allows you to use WireGuard from early boot, as well as allowing you to manage it like a real network interface (you can do this with TAP interfaces but it's less clean).

There is a userspace version available if you really don't want to use a kernel module (this is what the Android app uses if your kernel doesn't have WireGuard).

Also, WireGuard is an incredibly small program, less than 4000 lines. You could audit it in a day, and it has been extensively fuzzed (and was designed to be secure in many aspects). I would be far more worried about buggy network drivers than WireGuard.