Until now, they were able to run interpreted JavaScript. However obfuscated it may be, you can always read it or at least scan its source to ensure its not doing anything wrong.
But webassemblies are just binary blobs or black boxes, so to speak. That code is able to do literally anything to your devices. Aren't you concerned by this fact?