Why would WebAssembly provide more protection against exfiltration than JavaScript in this case?
By default WebAssembly doesn't have access to the DOM or JavaScript globals. You have full control of how it can access these things.