Your points around a compromised JS bundle are still possible but that has more to do with a company’s deployment/change management setup than JS itself imo
But that's the only point I intend to address here. If Pascal had been the language of the web then my question would have been about Pascal.
Therefore I don't see how SubtleCrypto changes matters much.
In short, if I get it right, the argument would be that in eg a mobile app, all the e2e logic (the core crypto plus the code around it) go through peer-review, then some release management process, then some review by Apple or Google, before it lands in my hands via their app stores' well secured delivery mechanism. In a web app, a single compromised server will compromise all security instantly. Generally I'm fine with trusting Mozilla's servers, but if I have to trust their servers then what's the point of end to end encryption?
This is only true if the server has access to the keys of your data. E2EE typically means that it doesn't, only you do.
Here's a site where you can test your browser's compatibility with many combinations: https://diafygi.github.io/webcrypto-examples/