Looking at the sophistication of modern security exploits, I'd say that just a few minor gaps, strategically positioned, can lead to surprisingly drastic results. Of course, Emacs is a niche editor/IDE/OS/whatnot, so an unlikely target, but still.

It's a great proof of concept though. In the meantime, I'll stick with vterm.

no malicious person is using emacs. the userbase is full of painfully honest people.