Think about what a JIT compiler means: it's allocating memory, writing to it, and then executing it. That's also what malware does so if you give third parties access to that functionality you have the immediate problem that the number of people who can make a mistake which gives native code execution goes up dramatically and that any attempts to restrict it in the future will risk breaking previously-working apps — think about how many years Adobe was able to slack because nobody wanted to break Flash even though it was a huge source of security bugs affecting most people on the Internet.