Sure, running untrusted code will never be 100% safe. But visiting a random website is 99% safe where running random .exe’s is 1% safe. Neither is perfect, but in practice, one is good enough for most situations and the other isn’t.

Depends if you dockerise...

I agree, it's better, but the idea that you can just happily run whatever in the browser and it's all fine isn't quite true either.

But it is a lot better now than it used to be.

When it comes down to it - why am I exposed to untrusted code if what I'm trying to do, for the most part, is just browse and read info?

Perhaps we should separate browsers-as-app-platforms from browsers-as-readers.