The big limitation that's very annoying with any WASM setup is that at the end of the day you still can't call many APIs or scrape sites because of CORS. Ofcourse, CORS is important to avoid XSS and the like but I wish there was a way to deal with this other than setting up a proxy to strip CORS, which then leaves you with a non residential IP that's more likely to get blocked.