All software has the potential for security vulnerabilities. Browsers, in recent years, have been incentivized to make the experience as secure as possible. Even the browsers you think are “safe” are still at-risk for security vulnerabilities, so it’s kind of moot. I think it’s safe to rely on technology that’s supported by a team that quickly responds to security issues:
We’d also like to thank the Electron team for being extremely responsive and for quickly providing a patch to the public.
The idea of cross-site scripting in my editor is far from ideal, but if you run another editor where they provide plugins are you auditing all of them to ensure there’s no malware there? I think the risk is similar in those situations.
My bigger issue with these editors is the implicit resource consumption required by them, in comparison to non-electron alternatives.