The case for a reputable website is even stronger given that you can literally inspect the source code as it runs. While a native program might require disassembly and de-obfuscation, a website can only deliver JavaScript that can just be copy-pasted into a text editor.

The one exception I can think of might be WebAssembly, but to date most native features (like location, filesystem access, even manipulating the DOM) require interop with JS to be used by wasm.