They originally used a JS Realms polyfill, which is not a real JS realm. The polyfill has some security holes. Now they have switched to a JS interpreter in Wasm.
https://www.figma.com/blog/an-update-on-plugin-security/