Short answer: more or less, yes.
Caveat, Google, Mozilla and Microsoft each have differing WA implementations. For Chrome, WebAssembly gets fed into the V8 TurboFan JIT:
JITs are a security hole. In particular, Apple won't allow your JIT on their iOS. They've only just recently allowed you to use their Core JIT on iOS:
What you can do to Turbofan inside of the Chrome sandbox, you could probably do with WA.
Cloud Key Vault (formerly iCloud Keychain) is probably the most sophisticated service that apple or any cloud vendor offers. More details are here: https://www.blackhat.com/docs/us-16/materials/us-16-Krstic.p... Apple set the bar pretty high with their implementation.
If its now on by default for storing ssh-key passphrases, it shows that apple thinks its blinded everyone except you, enough, that they can store it safely.
I found the talk (though I don't pretend to understand it all), video & slides are online if others are interested.
Behind the Scenes with iOS Security