Regarding timing issues, that was dead for a while because of spectre and pals, JS runtimes had to mess up the precision of timers in order to mitigate the attack. I've heard it has been enabled recently on secure contexts, though. Just my 2c.