The “security and performance” concerns that you raise don’t appear to be obviously solvable?

More precisely:

• If you want a web where people can create things, then you need some identity mechanism to give edit permissions.
• If you want a web where parts of sites can be embedded and remixed, then you need to some system of seamless data sharing between the parts.
• If you want a web where anyone can participate, then evil will exist. And the combination of embedding & identity will enable people to do bad things, like clickjacking attacks (e.g., you think you’re giving your credit card info to Amazon, but you’re actually giving it to an invisible window overlayed on Amazon).

It’s like the problem of evil: we can’t have a all-benevolent and all-powerful God that allows good people to suffer. It’s a paradox. We have to compromise on one.

In the same way, maybe we can’t have a web that supports full authoring and embedding that allows anyone to use it securely. It might be a foundational paradox. All systems have to compromise on one, breaking the interoperability in some way.