I have less confidence than you do that network security will be handled well, Bryant. Ethereum’s requirements are not the same as most other networks, and I think many client developers have yet to grapple with the implications.
I’m not sure which compilers it is you think can be updated easily. I think most all our EVMs are interpreters, and wouldn’t trust existing Wasm compilers with any kind of security.
As I understand it the EVM would not wind up a subchain anytime soon, as EVM code must keep running on the mainchain in order for the Shasper beacon chain to work. Further, every accessible EVM contract on the blockchain must keep running somewhere.
And indeed, verification is difficult, and porting verified EVM code to eWasm–and your specs and models and tools–might not be fun. It would easier to trust an evm2wasm compiler.
So I expect it will take a while for the community to sort out where all of this is going, and expect eWasm to expand the ecosystem rather than replace the EVM. Things have by no means all been accounted for–in many ways we are just getting started.