Yes, one of the answers I want to give any time someone asks "why will WASM succeed when the JVM didn't" is that there is 25 years more experience and research to draw upon.
And yet bounds checking access validation was left out of the design, something that most of previous research projects took care to taint as unsafe packages when present.