Isn’t this mostly because browsers in that era didn’t have process isolation (and if you were on a classic Mac, there wasn’t even preemptive multitasking)?
I was also blaming the OS for not having preemptive multi-tasking? And once we've blamed the OS and the browser... not sure who else is in this equation.
The web developer is not in this equation, because I have no way to know their server hasn't been hacked, and hence even if I trust them personally, anything they send me is explicitly untrusted