Securely's realm not being frozen may allow attackers to bypass it #3

Open
weizman opened this issue Aug 18, 2022 · 0 comments
weizman commented Aug 18, 2022

As pointed out by @mhofman, the following scenario leaves Securely and tools that rely on it vulnerable:

  1. The attacker successfully gets hold of the securely callback, or of an object that is only accessible by calling the securely callback.
  2. The attacker can obtain its prototype and modify it so that the intrinsics Securely exports are affected by such modifications.

Example:

```js
// attacker: holds an intrinsic exported by Securely and walks up to its prototype
const slice = ArrayS.prototype.slice;
const F = Object.getPrototypeOf(slice); // Function.prototype of Securely's realm
Object.defineProperty(F, 'call', { value: 111 }); // works because the realm is not frozen
// securely based tool
securely(() => {
  ArrayS.prototype.slice.call([]); // fails, `call` is actually `111`
});
```

Even though Securely removes the realm it uses to get hold of intrinsics, accessing the realm is still possible in such a scenario.

It is important to note that this scenario counts as an edge case: a tool that is based on Securely is responsible for using it responsibly and for making sure access to it is not exposed to outside code at any point.

If the Securely realm had been frozen, this might have solved the issue.

Worth learning from https://www.npmjs.com/package/get-intrinsic on the matter.
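As an added example (not Securely's code and not from the issue author), the scenario above reproduced on a constructed stand-in for a separate realm, beside the frozen-realm remedy the issue proposes; `makeRealm`, `hardenRealm`, `attemptOverride` and `toolStillWorks` are hypothetical helper names.

```javascript
// Added example, not Securely's own code. It reproduces the mechanism from the
// issue on a constructed stand-in for a separate realm and shows the remedy the
// issue proposes: freezing the realm's prototype chain turns the attacker's
// defineProperty into a TypeError. All helper names below are hypothetical.

function makeRealm() {
  // Constructed stand-in for the realm Securely reads intrinsics from: its own
  // Function.prototype-like object that every exported function inherits from.
  const FunctionPrototype = Object.create(Function.prototype);
  const slice = function slice(start, end) {
    return Array.prototype.slice.call(this, start, end);
  };
  Object.setPrototypeOf(slice, FunctionPrototype);
  return { FunctionPrototype, ArrayS: { prototype: { slice } } };
}

function hardenRealm(realm) {
  // The fix the issue suggests: make every object reachable from an exported
  // intrinsic immutable, so its prototype chain cannot be redefined later.
  Object.freeze(realm.FunctionPrototype);
  Object.freeze(realm.ArrayS.prototype.slice);
  return realm;
}

function attemptOverride(realm) {
  // The scenario from the issue: whoever holds an exported intrinsic can reach
  // its prototype and redefine `call` on it. Returns what happened.
  const F = Object.getPrototypeOf(realm.ArrayS.prototype.slice);
  try {
    Object.defineProperty(F, 'call', { value: 111 });
    return 'modified';
  } catch (e) {
    return e instanceof TypeError ? 'blocked' : 'unexpected';
  }
}

function toolStillWorks(realm) {
  // What a Securely-based tool does: invoke the captured intrinsic via .call.
  try {
    const out = realm.ArrayS.prototype.slice.call([1, 2, 3], 1);
    return Array.isArray(out) && out.length === 2;
  } catch (e) {
    return false; // `call` is no longer a function once the prototype was tampered with
  }
}
```

On the unfrozen stand-in the override succeeds and the tool's `.call` breaks; on the hardened one `Object.defineProperty` throws and the tool keeps working.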
