Yep. Wasm doesn't even have a primitive to access its own executable, let alone modify it and cause RCE. Bounds checking definitely has overhead, so you wouldn't expect it to suit all workloads, but for most workloads the trade-off would probably be acceptable. And it would probably enable a universal Linux driver that runs independent of CPU arch.