This "ship all libraries in the package" approach is also quite scary, you never know if an app will use your patched local libraries or use an ancient library with lots of exploits.
That said, the OS-sanctioned runtime could very well support a shared-object-like approach instead of one-binary-per-app but that would 1. complicate the runtime quite a lot 2. hinder startup times of wasm apps due to dependency solving.
Double so for anything exposed to the internet.