This is more of a question. With esm I was hiding the internals of the loader in another realm but would expose API points to the user's realm. When errors were thrown from the internal realm I had to ensure the errors produced were of the user's realm. I see that the secure-javascript-environment throws errors in places. Is there any cross-realm leak concern there?

I believe this is an issue. My theory is that when evaluating code, this is not a problem because the realms-shim is responsible for that, but any throw due to an invocation on another turn when calling a SecureFunction that will throw on the outer realm will probably leak error references from the outer realm. This is a very interesting question. I don't have a trivial solution here just yet.

It will be interesting to explore what happen if we use an iframe instead of the realms-shim.