Funny question, basically with corrupted data anything goes.

For a very extreme convoluted example, maybe that value given back to the JavaScript layer will trigger a patient death by sending the wrong value to their insulin device monitor.

But yeah, code and true call stack will be perfectly safe.

One day a random bit flip in a web app on a non ECC-protected iPad * controlling a life-critical system will kill a person.

It's just a matter of time.

* Or any other device with data corrupting hardware or software issues.

Yep it is just a matter of time.

Successful lawsuits against insecure software need to become a common event until most companies actually start paying attention to their technology stack and development processes.

That is the common excuse of C developers.

The goal of software security is to minimize all attack vectors.

Logic bugs < Logic bugs + Memory corruption bugs

Sure but Im not sure how your example is a security bug and not a normal bug? I guess if the web page was also processing untrusted data?