In a few words
- When building a serverless platform that runs untrusted code, isolation is crucial: it prevents one process from adversely affecting the entire system, which is why a kernel should not be shared carelessly.
- Modern virtual machines can run quickly and efficiently, contrary to the traditional perception of slow boot times, thanks to technologies like KVM and microVM frameworks.
- Containers are easier to use than VMs, but they're not as isolated: processes share the same kernel, and the CPU enforces no hardware-level security boundary between them.
- WebAssembly offers a more secure alternative to traditional containerization, ensuring that the code runs in a fully isolated environment, which is vital for maintaining security integrity in function-as-a-service models.
- WebAssembly uses an "allow-list" model: you must explicitly declare what your process is allowed to do.
(source: Is WebAssembly the Secure, Efficient Alternative Everybody was Waiting For?)
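
The allow-list model from the last bullet, as an added JavaScript example that is not from the source talk: the host lists the imports a guest module requests and grants only the approved ones. The module bytes, the `host.now` import, `ALLOWED`, `requestedImports` and `runGuest` are constructed for this illustration.

```javascript
// Constructed sample: hand-assembled module that imports host.now () -> i32
// and exports run () -> i32, whose body just calls that import.
const GUEST = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // magic, version 1
  0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f,             // type 0: () -> i32
  0x02, 0x0c, 0x01, 0x04, 0x68, 0x6f, 0x73, 0x74,       // import module "host"
  0x03, 0x6e, 0x6f, 0x77, 0x00, 0x00,                   //   field "now", func, type 0
  0x03, 0x02, 0x01, 0x00,                               // one local function, type 0
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01, // export "run" = func 1
  0x0a, 0x06, 0x01, 0x04, 0x00, 0x10, 0x00, 0x0b,       // body: call 0; end
]);

// Hypothetical platform policy: the only capability a guest may receive.
const ALLOWED = new Set(["host.now"]);

const key = (i) => `${i.module}.${i.name}`;

// List what a guest asks for without executing any of its code.
function requestedImports(bytes) {
  const mod = new WebAssembly.Module(bytes);
  return WebAssembly.Module.imports(mod).map(key);
}

// Instantiate only if every requested import is on the allow-list, and
// pass the guest exactly those host functions and nothing else.
function runGuest(bytes, hostFunctions, allowed = ALLOWED) {
  const mod = new WebAssembly.Module(bytes);
  const wanted = WebAssembly.Module.imports(mod);
  const denied = wanted.map(key).filter((k) => !allowed.has(k));
  if (denied.length > 0) return { ok: false, reason: `denied: ${denied.join(",")}` };
  const imports = {};
  for (const i of wanted) {
    imports[i.module] = imports[i.module] || {};
    imports[i.module][i.name] = hostFunctions[key(i)];
  }
  try {
    const instance = new WebAssembly.Instance(mod, imports);
    return { ok: true, value: instance.exports.run() };
  } catch (err) {
    // An approved import the host never supplied fails at link time,
    // before any guest code runs.
    return { ok: false, reason: err.name };
  }
}
```

The guest has no ambient access to the clock, files or network: anything it can reach must appear in its import list, which the host can audit before instantiation.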