[chubot]

I think an important difference is that in the new architecture, there's a separation between WASM and WASI.

That is, computation and I/O are treated separately. It's more like capability-based security. WASM modules have no capabilities except the ones explicitly injected when you instantiate it.

As far as I understand, the JVM wasn't as rigorous about this, although to be fair I don't know all the details.

So WASI could still have a lot of holes, but WASM would survive and be useful. And then maybe someone else could come around and do it in a different, better way. That hasn't happened with Java.