Comment by Certhas

Is this relevant in practice? Say I go to a website to download some data, but a malicious actor has injected an evil decoder (that does what exactly?). They could just have injected the wasm into the website I am visiting to get the data!

In fact, wasm was explicitly designed for me to run unverified wasm blobs from random sources safely on my computer.