Well, at very least, blacklisting RadeonSI for webGL "by default" would be more than reasonable for now. You see, RadeonSI can be crashed by remote data. Well-known example is http://www.blend4web.com/en/demo/farm/ (The Farm demo @ blender4web.com). This one would trigger some LLVM error and LLVM library is nasty enough to kill whole browser when facing this error. Not sure why llvm should behave this way but whatever, it allows what called REMOTE DENIAL OF SERVICE ATTACK - server with particular content can kill whole browser at will.
And btw it would be nice if AMD (and other drivers devs) would get idea that its nice to be a bit more security-minded. As we can see, driver code can face calls from external/untrusted code. This actually uplifts security and stability requirements a lot. Driver should be ready to face bogus data, rather unfriendly usage, can face some attempts to exploit it and so on.