Interesting thought experiment. However, you have to realize that Sun wasn’t a charity. At the time, platform vendors were were hoping to target intranet applications for the enterprise. Microsoft had a similar concept for trusted applications with IE’s “Active Scripting”, with very similar results in terms of (non)security.
As does the browser in which WebAssembly executes.
> Users can also be tricked to trust malicious applets
But the ability of applets to be trusted could have been eliminated entirely. To rewrite OP's question, then:
"If we had entirely gotten rid of trusted applets, couldn't we already do this with Java, 20 years ago?"
Of course, we didn't get rid of them, but that's still a valid question vs. inventing another technology.