It's shame that the author has no idea about the security model of WebAssembly.
Control-flow integrity and protected call stacks prevents direct code injection attacks in WebAssembly.
Please check. <a href="https://webassembly.org/docs/security/" rel="nofollow">https://webassembly.org/docs/security/</a>