how nice of you to completely disregard the threat models that others are under. not!

not everyone is an exploited consucker; some people take security seriously. that 98% of the websites expose their exploited consuckers to risks they don't understand on purpose is just something to be expected in the enshittocene. that some participants in their exploitation will minimize the risks is to be expected; likewise, some losers will believe them. I don't care which of these you are, but what you're saying, along the lines of "relax and allow the masters to rule over us all" doesn't appeal to me.

try asking those web site operators whether they'd allow you to upload code to run on their servers, within a VM sandbox even, and see the kind of response you'd get. if you run into someone aware of actual security, they'll teach you about layers of defense and security in depth. relying on a single sandbox barrier for your security against hostile agents would be extremely very naïve. typical consuckers may get away with that (they're already fully compromised anyway), but those who actually wish to keep control over their devices and their computing can't afford to take that kind of risk. it would amount to giving up security and freedom.

CC: @tennoseremel@lor.sh