All web APIs are designed to be secure in the context of the web.

Needs to be memory safe otherwise a wasm program can execute arbitrary code, access memory that it should not, etc.