Moreover, a significant fraction of JS vulnerabilities are logic errors in the JIT, so even if the JIT itself is memory safe, that doesn't make the resulting code free of vulnerabilities.