Web assembly is a very promising idea and has a chance to provide better means for building security into web apps than SJCL/etc by enforcing same origin policy, sandboxing execution, being able to limit side-channel attacks, etc. Similarly promising is Web Crypto API: better primitives, consistent across browsers. My question is: will it even help, given that end-user interaction is still in DOM, attackers can still inject the code that overrides calls to better implementations of ciphers? Or I'm missing something in the threat model of both?
By securing I mean building technical security to protect customer / commercially sensitive data, not securing the funding. It would be brilliant to hear both those who did, and those who chose not to care or give up in process.
