For all it's innovative way of kernel programming, isn't eBPF a huge attack surface? Even a paradise for rootkit devs, perfectly able to hide using eBPF features.
Also worth noting that the verifier is under active development not only to verify more legitimate programs, but also to reject programs with exploits and side channels (and there are runtime defenses too, like dead code elimination and ALU sanitation).