
How is this relevant to wasmjit? User space programs written in C can already corrupt themselves. As far as I can tell there is no new inherent risk to kernel stability by running wasm code in kernel space as long as the wasm spec is followed. Just like wasm programs aren't able to corrupt the browser sandbox in which they run.


The sandbox gives a false sense of security, because it opens a new attack vector.

Apparently you fail to understand how security exploits are taken.

For example, let's say I have an authentication module provided as WebAssembly, written in C.

The browser makes use of the said WebAssembly module to authenticate the user.

Now we make a cross-site scripting attack that calls the WebAssembly functions in a sequence that triggers memory corruption inside of the module, thus influencing how the authentication functions work.

Afterwards the JavaScript functions that call those WebAssembly ones might authenticate a bad user that would otherwise be denied access.

A contrived scenario that can be easily programmed in https://webassembly.studio/ .
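
The scenario in the comment above, modelled in C as an added example that is not part of the thread: the sandbox only checks that a store stays inside linear memory, so an export that forgets its own length check can overwrite an adjacent authentication flag without ever trapping. The memory layout, offsets and function names are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a wasm module's linear memory is one flat byte array.
   The runtime checks accesses against MEM_SIZE only, never object bounds. */
#define MEM_SIZE   64
#define NAME_OFF   0   /* char name[NAME_LEN] */
#define NAME_LEN   16
#define AUTHED_OFF 16  /* uint8_t authenticated, placed right after name */

static uint8_t mem[MEM_SIZE];

/* What the sandbox enforces. Returns 0 (trap) if the store leaves memory. */
static int sandbox_store(size_t off, const void *src, size_t n) {
    if (off > MEM_SIZE || n > MEM_SIZE - off) return 0;
    memcpy(mem + off, src, n);
    return 1;
}

void module_reset(void) { memset(mem, 0, sizeof mem); }
int is_authenticated(void) { return mem[AUTHED_OFF] != 0; }

/* Export without a length check: legal for the sandbox, wrong for the module. */
int set_name_unchecked(const char *s, size_t n) {
    return sandbox_store(NAME_OFF, s, n);
}

/* Hardened export: the module enforces its own object bounds. */
int set_name_checked(const char *s, size_t n) {
    if (n > NAME_LEN) return 0;
    return sandbox_store(NAME_OFF, s, n);
}

/* Feed a name one byte too long; report whether the auth flag changed. */
int flag_after_long_name(int (*setter)(const char *, size_t)) {
    char input[NAME_LEN + 1];
    memset(input, 'A', sizeof input);
    module_reset();
    setter(input, sizeof input);
    return is_authenticated();
}

int main(void) {
    printf("unchecked: authenticated=%d\n", flag_after_long_name(set_name_unchecked));
    printf("checked:   authenticated=%d\n", flag_after_long_name(set_name_checked));
    return 0;
}
```

The host and the rest of linear memory stay intact in both cases; only the module's own state differs, which is why the length check has to live inside the module.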


I'm still not sure how this is relevant to wasmjit?

Your criticism is for another layer. If you don't like C, use Rust or Go. They also compile to wasm.



