by bobbyskelton41 812 days ago
I think the xz disaster would be a reason why Wasm-based plugins would be bad. People would be forced to use plugins written in a language they may not know and would not be able to audit for themselves.

A WASM setup should completely sandbox the plugin so even with malicious code, it would not have access to anything sensitive.
Depends. If the editor is given permission to edit files, like say, many people do `sudo helix` when they want to edit some system config file, you could imagine a rogue wasm plugin doing a lot of harm.

Sandboxing isn't magic, if you need the permissions to do something, then the things in the sandbox get access to them.

That’s not how the WASM sandbox usually works - it has a very limited API surface and can only take specified inputs.

https://docs.wasmtime.dev/security.html

Right, but it can control the editor indirectly through that API surface, and the editor can write to the filesystem.

It's definitely more secure than running a non-sandboxed executable, but the entire point of a plugin is to have an effect on the editing process, and the entire point of the editor is to modify files on the filesystem. As long as that's true there's a causal mechanism for an untrusted plugin to do damage.
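The thread's point is that the Wasm sandbox only isolates the plugin from the OS; every host function the editor imports into the module is still reachable, so the editor itself has to confine what those functions may touch, regardless of whether the process runs under sudo. The following is an added illustration written for this page, not code from Helix, wasmtime, or any commenter: a hypothetical host-side capability broker (`EditorHost`, `PluginCapabilityError`, the workspace paths and the "rogue" plugin name are all constructed for the demo) that mediates a plugin's file writes to an explicit workspace allow-list, resolving symlinks and `..` before checking, and records every decision in an audit trail.

```python
"""Host-side capability broker for a sandboxed editor plugin (constructed example).

The Wasm runtime stops the plugin from calling the OS directly, but the host
functions the editor exposes (here: read_buffer / write_buffer) are the real
attack surface. The broker confines them to declared workspace roots so that
running the editor with elevated privileges does not hand those privileges to
the plugin.
"""
import tempfile
from pathlib import Path


class PluginCapabilityError(PermissionError):
    """Raised when a plugin asks the host to act outside its granted capability."""


class EditorHost:
    """The narrow API surface an editor exposes to a plugin (hypothetical)."""

    def __init__(self, workspace_roots, audit_log):
        # Canonicalise the roots once so comparisons are apples-to-apples.
        self.roots = [Path(r).resolve() for r in workspace_roots]
        self.audit = audit_log  # list of (plugin, action, resolved_path, allowed)

    def _confine(self, plugin, action, raw_path):
        # Resolve symlinks and '..' components before the check, otherwise a
        # path that is lexically inside the workspace could still point outside.
        target = Path(raw_path).resolve()
        allowed = any(target == root or root in target.parents for root in self.roots)
        self.audit.append((plugin, action, str(target), allowed))
        if not allowed:
            raise PluginCapabilityError(f"{plugin}: {action} outside workspace: {target}")
        return target

    def read_buffer(self, plugin, path):
        return self._confine(plugin, "read", path).read_text()

    def write_buffer(self, plugin, path, text):
        target = self._confine(plugin, "write", path)
        target.write_text(text)
        return len(text)


def run_demo():
    """Exercise the broker with a well-behaved plugin and a misbehaving one.

    Everything lives under a temporary directory constructed for the demo:
    'project' stands in for the user's workspace and 'etc/sshd_config' stands
    in for a system file the editor process could write if it ran as root.
    """
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp) / "project"
        ws.mkdir()
        (ws / "main.rs").write_text("fn main() {}\n")

        sysdir = Path(tmp) / "etc"
        sysdir.mkdir()
        cfg = sysdir / "sshd_config"
        cfg.write_text("PermitRootLogin no\n")

        # A symlink inside the workspace that points outside it: the classic
        # way a lexical prefix check gets fooled.
        (ws / "escape").symlink_to(sysdir)

        audit = []
        host = EditorHost([ws], audit)
        results = {}

        # A formatter plugin rewriting a workspace file is exactly what plugins are for.
        results["format_ok"] = host.write_buffer("formatter", ws / "main.rs", "fn main() {}\n")

        # The same API asked to reach outside the workspace by three routes.
        attempts = {
            "direct": cfg,
            "traversal": ws / ".." / "etc" / "sshd_config",
            "symlink": ws / "escape" / "sshd_config",
        }
        for label, path in attempts.items():
            try:
                host.write_buffer("rogue", path, "PermitRootLogin yes\n")
                results[label] = "allowed"
            except PluginCapabilityError:
                results[label] = "denied"

        results["config_intact"] = cfg.read_text() == "PermitRootLogin no\n"
        results["denied_count"] = sum(1 for _, _, _, ok in audit if not ok)
        results["audit_entries"] = len(audit)
        return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The broker does not make the sandbox "magic": a plugin can still do anything the workspace capability permits, which is the thread's remaining point. What it does is make the grant explicit and auditable, so `sudo helix` on a system file only exposes that file if the editor deliberately adds it to the roots, and the audit log gives the user something to review when a plugin is suspected of misbehaving.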