That’s assuming the only thing you want to prevent is speculative bounds overrun. Even with masking, you can still leak the secret in the array from the path not taken? Do you see evidence of gcc or clang gravitating to the MS approach?

In many ways, spectre is one more kind of attack on code that doesn’t properly separate validating untrusted input from acting on that input, except unlike overruns and TOCTOU races, this is microarchitectural.