Re: "...JavaScript crypto wallets..."
"Javascript is the primary vector for almost all online host compromises, so it's inherently lethal."
This is plain incorrect, you don't download the JavaScript code from over the Internet from an untrusted source with nodejs.
Nodejs code is nothing like browser JavaScript, totally different security model. It is no better or worse than other scripting languages like Python or bash. The security model relies on not running code you don't trust; in a browser you do that all day.
JavaScript is arguably a lot safer than writing server side code in C or C++. I doubt there are many, if any, JavaScript compromises in any of the major browsers. If you want to pwn a browser you would be looking at the C code in the browser itself, the v8 vm, or of course the native plugins like flash.
You will not get very far trying to hack a browser in JavaScript. Its inherently safe.