Webkit is an incredibly complex and rich engine for rendering web content. That kind of content comes in so many uncountable varieties that still need to work correctly. Easy example, this is equivalent:
<b><i>test</i></b>
<b><i>test</i></b> (imagine the last I and b being switched, Lemmy won’t let me do it)
Even though it shouldn’t but there’s enough idiots doing this so the browser supports it.
Now imagine, on top of that there’s also a huge engine interpreting runnable code (Javascript). Any runnable code is inherently unsafe so it has to be sandboxed. That’s where the vulnerabilities come into play. There are so many ways to break a sandbox and it’s impossible to 100% find every single one.
Regarding experimental Features: These are for developers to verify their stuff works with upcoming features. If you don’t want that, just don’t use that. That simple.