Historically yes because we use unsafe languages just to parse HTML, CSS, HTTP but intrinsically those do not require unsafe things. For JIT the situation is different and without JIT performance would be problematic.
That said, the alternative to web apps is native platforms or other VMs which have the exact same problem except with less capital allocated towards mitigating it.
Interesting results, but I am talking about the web as an application platform, not as the average users web browsing platform. I find it hard to imagine that users would accept e.g. something like Figma running without JIT, meaning that Figma would have no choice but to move native, thus running into the same problem. That said, for the average web user disabling the JIT by default may be reasonable.
That said, the alternative to web apps is native platforms or other VMs which have the exact same problem except with less capital allocated towards mitigating it.