Honestly I don't hate the language itself that much (I'm just learning it though so who knows) but developing with it fucking sucks. First npm installs a thousand dependencies, then you have to use it to install an entirely different package manager (yarn) and hope it works.

If you're using npm, you install a package or two that you're working with and get 10+ vulnerabilities. It tells you to run "npm audit fix" so you do it, but it just lists the vulnerabilities again and tells you to run "npm audit fix", so apparently you're just stuck with those.

Then you try running your React app and it crashes with an error about failing to stat a random file in your home directory. It turns out that you mistyped an import, and instead of giving an error about that it recursively backs up and checks every single file to see if it's the one it's looking for. Cool.

  • blobjim [he/him] · 3 years ago

    Yeah good point about user control. Although it isn't like most fancy webpages these days can be controlled or understood easily anyways. Better off just doing better sandboxing than trying to do any kind of introspection on documents and stuff, if that's the goal. And you can read website source code for lots of open source projects (hexbear.net lol), so it's not like you get much from being able to look at the stuff transmitted to your browser. I'm sure there will be tools eventually to see what WASM "syscalls" are being made if there aren't already ways, and you could probably create hooks for them too, in order to control what websites can do, without writing a new browser.

    One issue with creating and using alternative formats is security, since most of the security stuff requires a budget and is only done for stuff that's actually used. But if you could build something out of existing libraries, like TLS sockets from library A and a WASM VM from library B, there probably wouldn't be much room to create security problems that don't exist already. And some small orgs could use a different protocol (there's already some stuff like this obviously).