There have been a lot of security bugs in Chrome related to this layer of V8, most of them caused by some form of type confusion. Is there worry about increasing the size of Deno's attack surface by adding this capability?
JIT is a large attack surface, but it's mostly an attack surface from the perspective of migrating from "untrusted" (attacker-controlled) JavaScript execution to arbitrary native code execution (e.g. malicious JS on a webpage breaking out).
If a Deno user wants to use FFI to invoke system("rm -rf /*"), they can*, and they don't need to exploit a JIT bug to do so.
FFI with JIT is almost certainly a larger attack surface than FFI without JIT, but in practice I don't think it's a big difference.
*iiuc Deno is sandboxed by default, so presumably FFI capabilities (and the attack surface implications thereof) are something the developer needs to opt into from the start.