[thinkling]

Yes, I think those risks can be eliminated with some elbow grease since there's no need to load this app off a live server.

Instead, one would download a specific version as a tarball with a verifiable checksum that indicates the source is equivalent to the version audited by the community on GitHub. The app is then loaded & run locally.

In addition, you could control network access if you wrap it in its own OS-native custom browser app and use a firewall that controls outgoing connections. (Like LittleSnitch on OS X.) That is, create a thin shell around WebKit uniquely for use with this web app, and control its network access.

(I think the two measures are redundant, but hey, if you're going to be paranoid...)