Why not lock the core libs like Map.prototpy Array.prototype ? Can't we have sandbox like environment (which is not default but which can be enabled on application basis). Java Applets which run inside the browser had this kind of sandbox restritions.