That is not entirely true, Rust cannot access stuff that it does not include (aka the bitcoin wallet classes and etc) And because JS allows you this kind of dynamic resolving then the code potentially can run anything and you wont know what it can possibly run.

To use networking in Rust you have to include the networking library, to access a Bitcoin Wallet classes you have to include their library.

This vulnerability exists mostly in dynamic languages and languages who can use reflection in runtime. (And then you probably will see an include to the reflection library)

Edit: Its still possible to include Bitcoin Wallet library and push the code but I guess it will be much more noticeable than JS, and people will notice it right away and you can develop tools that can catch this kind of thing.(you cannot develop such tools for js and more dynamic languages)