
WASI is adding APIs to access all manner of native OS APIs. WASM in the browser is still reasonably secure because it can only do some basic memory operations (until someone decides to put the filesystem and networking API directly into the WASM engine) with JavaScript wrapped around it to call actual browser APIs, but the "run WASM anywhere" tooling is quickly turning WASM into the next JVM.

I'm a fan of the concept of WASM as an isolated runtime you can safely embed into any application, basically allowing you to load and execute untrusted code if you have to, but the people driving WASM adoption are quickly expanding the attack surface to the point I don't trust such a setup anymore.




Giving WASM/WASI full access to the file system is about as smart as having unprotected, unfused, 12,500 volt 3 phase outlets in the home. I can just imagine someone here saying "NIPSCO has it across the street, why shouldn't I be able to get all the power from the grid, right?"



