not a dev but my understanding is can never be 100% confident you'll stop supply chain attacks so need to build in way were vulnerabilities aren't fatal, is that possible with web (vs app) dunno..

the other thought I had is something like wasm 'better' because its compiled code isn't it, not links to external libraries? is that why ldk/mutiny would go down that path.

all very interesting

and very relevant