In what way are you worried that the binary blob is malicious, and do you not trust the browser's sandboxing? I'm curious why this is any worse than running javascript on any other website.
Wasm shouldn't have any more capabilities than Javascript, it's theoretically the same sandbox with all the same underlying system access (or lack thereof). However, that doesn't mean I can vouch for the implementations.