Hacker News

The game looks good. But I'm a bit skeptical of web-assembly after the flash era, where games did all kinds of nasty stuff. I know "it's just javascript" but I feel unease having a binary blob of code running on my machine, at least with "javascript" you can view the source code. I do have JavaScript disabled by default btw. I also know that png images are also binary blobs, yet I allowed them, even though there have been exploits, but I feel that png rendering is more hardened, and can do far less, than web-assembly.


Web Assembly is NOT javascript. It literally is assembly for the web. There are transpilers that convert higher level code (C#, Go, Python) to Web Assembly, but the end result is always byte code that is run by the browser.

You may be confused with ASM.Js, which IS javascript. It is a very optimized version that uses a similar idea of a CPU instruction set (get register, add, branch on flag, push on stack, etc), but it still is interpreted. ASM.Js is very fast and also has some transpilers, but it is very different from Web Assembly.

Web Assembly has the highest potential. High potential for speed, calculations, AND RISK. The threat model for Web Assembly has not been tested as well as Javascript.


Well, the WebAssembly bytecode is the same target that is used by JS, so it kind of is JS in a way, well, at least in the way that is important to the OP's concern, in that WebAssembly should have the same risk profile as JS. wasm and JS don't represent two different pipelines - they run on the same VM.


> at least with "javascript" you can view the source code

Minified and/or optimized JavaScript is generally not human-readable. Try view source on some major websites.


They minify the JS because 1% reduction in file size will save them thousands of dollars in bandwidth costs. Most web sites don't, even HN doesn't minify. Then there are those who obfuscate their code because they don't want their visitors to know what the code does. With JavaScript though you can, within the browser (no extra tools needed, just right click and inspect), beautify the code and set breakpoints etc.


A good parallel to Web Assembly is just straight OS Assembly, as opposed to Flash. Any concerns you have around Web Assembly could be applied to regular Assembly as well (not saying that you don't already do this, but it's good to clarify).

That said, there are indeed security concerns with Web Assembly that are and will need to be addressed, as it runs way closer to the metal and has access to direct memory.


Apparently FF nightly already has support to show WebAssembly, but it will be no different than looking at straight Assembly.
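
Added example, not part of any comment in this thread: the "binary blob" question can be checked from JavaScript itself, because a WebAssembly module declares every host function it needs as an import and can be listed without running it. The byte array is a hand-assembled sample constructed for this example, and the function names are hypothetical.

```javascript
// Constructed sample module: imports env.log (i32) -> (), exports run(),
// and run() calls log(42). Not taken from any real site or game.
const SAMPLE_WASM = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // "\0asm", version 1
  0x01, 0x08, 0x02, 0x60, 0x01, 0x7f, 0x00, 0x60, 0x00, 0x00, // types: (i32)->(), ()->()
  0x02, 0x0b, 0x01, 0x03, 0x65, 0x6e, 0x76,                   // import module "env"
  0x03, 0x6c, 0x6f, 0x67, 0x00, 0x00,                         //   field "log", func type 0
  0x03, 0x02, 0x01, 0x01,                                     // one local function, type 1
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01,       // export "run" = func 1
  0x0a, 0x08, 0x01, 0x06, 0x00, 0x41, 0x2a, 0x10, 0x00, 0x0b, // i32.const 42; call 0; end
]);

// List what the binary requests from the host and what it exposes,
// without executing any of its code.
function describeModule(bytes) {
  if (!WebAssembly.validate(bytes)) throw new Error("not a valid wasm module");
  const mod = new WebAssembly.Module(bytes);
  return {
    imports: WebAssembly.Module.imports(mod).map(i => `${i.module}.${i.name} (${i.kind})`),
    exports: WebAssembly.Module.exports(mod).map(e => `${e.name} (${e.kind})`),
  };
}

// Instantiate with an audited import object: the module reaches the host
// only through the functions passed here, so each call can be recorded.
function runWithAuditedImports(bytes) {
  const calls = [];
  const instance = new WebAssembly.Instance(new WebAssembly.Module(bytes), {
    env: { log: (value) => { calls.push(value); } },
  });
  instance.exports.run();
  return calls;
}

// If the host withholds a requested import, instantiation fails outright.
function instantiatesWithoutLog(bytes) {
  try {
    new WebAssembly.Instance(new WebAssembly.Module(bytes), { env: {} });
    return true;
  } catch (err) {
    return false;
  }
}

console.log(describeModule(SAMPLE_WASM), runWithAuditedImports(SAMPLE_WASM));
```

The import list is the module's whole interface to the page: anything it does beyond pure computation has to go through a JavaScript function the embedding page chose to hand over.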


Do you not think you're being overly paranoid? It's not practical to inspect all the code you run for security exploits.

I could understand if, say, Chrome had many actively exploited security holes like things were in the Internet Explorer days but I wouldn't say this is the case now.


> at least with "javascript" you can view the source code.

Functionally speaking, are you able to read minified JS?



