You can import stuff from your host environment
And there's the slippery slope.
I'm afraid "things like Java's JNI (Java Native Interface) or .NET's Platform Invoke" aren't inherently dangerous - they can only invoke whatever "native" code their runtime environment makes available to them, stuff that a potential sandbox would allow to exist in their address space. In other words, stuff imported from your host environment. Any security problems they have are problems that apply equally to Wasm as soon as it has access to anything outside its own environment.
It's always the same claim: our idea is safer because we have a better sandbox and a limited attack surface. I'm afraid this sandbox will prove as vulnerable as everyone else's and over time there will be pressure to import so much stuff "from your host environment" that the distinction between browser code and local application code will be hard to perceive.
It really doesn't matter that there is a "machine-verified proof of its safety" - the machine verification goes right up to the point at which you "import stuff from your host environment" and then ceases to have any validity. Code running in an isolated machine is by definition safe, but punch a hole in the isolation and all bets are off.
I can see why Google might be interested in "multimedia editing, simulation, compilers and debuggers, encryption, and games" running in the browser. I'm not: they're precisely the things that should either be done as local applications or on remote servers with clear boundaries of authentication and control. I'm not entirely sure, in any case, how you'd manage multimedia editing or games if Wasm only has access to the browser display by means of JavaScript updating the DOM: there'd have to be a lot of "import stuff from your host evnironment" to get that to work at an acceptable rate.
Browsers are for presentation not for computing. Admittedly their document-centric presentation model is inadequate for our current model of remote interaction and they have insufficient hooks to provide secure identification and to allow the secure remote storage of personal data based on local credentials. However, as long as browsers stick to presentation, there's some hope of keeping them reasonably secure. A browser capable of running a "virtual operating system" is a nightmare - that's the problem with JavaScript already, please don't make it worse.