Thank you for this info. >From the answers I understand it is a very complex field in which definitive answers cannot be given. I guess that although some things may be "highly unlikely" it is still a good idea to keep any technology which allows downloading and running unverified/utrusted code disabled by default (be it web JS, WASM or anything else). I hope RISC-V will change the world of computers. ;) Thanks!