It has the possibility of being much secure than Node/NPM. Even if you allow network access, a script will not have access to the file system unless you also grant it file system access. The first time you run a script, you have the option of walking through everything in all the code which requires any additional permissions (file system, network, etc) and individually granting or denying access. Eventually, the goal is to allow for more fine grained access, e.g. scoping permissions to specific paths or specific URLs.
It has the possibility of being much secure than Node/NPM. Even if you allow network access, a script will not have access to the file system unless you also grant it file system access. The first time you run a script, you have the option of walking through everything in all the code which requires any additional permissions (file system, network, etc) and individually granting or denying access. Eventually, the goal is to allow for more fine grained access, e.g. scoping permissions to specific paths or specific URLs.
None of this is a silver bullet, but it's much better (more secure) than Node/NPM which just allows everything.