A C++ program compiled to WASM will have almost exactly the same/equivalent security bugs as the same program compiled to x86 or ARM machine code. If you lock down these programs using LSM, you have practically the same security properties as WASM provides. Sans the JS VM overhead.
There are very good reasons for the type systems of Sappeur and Rust, both in terms of security and in terms of efficiency. Low-level constructs such as VMs or CPUs(e.g. the ICL 2900 Mainframs) are hard-pressed to replicate these capabilities and will consume many transistors or runtime to do so.
From that follows that it makes sense to use Rust or Sappeur to generate WASM programs. Then the assurances of Memory Safety will exist for these WASM programs. At this time(Sept. 2023) Sappeur programs have not yet been compiled and executed on WASM.