E. Liddell wrote:
It also has an obsolete Javascript engine and an uncertain number of
security holes
I'd argue that since it supports a very limited portion of JavaScript and apparently none of the modern Web APIs like WebRTC, WebAssembly etc., the attack surface is actually smaller. The only disadvantages from a security standpoint would be effective lack of eyes and work on the source (the obvious disadvantage being, of course, a browser stuck in time).
Webkit
Looks like the least evil choice to go for TDE. Upstream versions seem to offer decent rendering and boast good privacy, and it can be integrated deeply with TQt/TDE.
its fork Blink
Bulky, with questionable privacy, dependent on Google's choices but seemingly very secure (sandboxing, process separation). Does not integrate really well with the system (includes its own graphics stack and does not integrate with any toolkit at all).
and QT5's repackage of Blink's core as WebEngine
Probably out-of-date with latest Blink, so not a very safe choice.
Gecko and its fork Goanna
Last I checked there was still no decent sandboxing in Firefox for Linux. Also, there is no working embedding API AFAIK with either Gecko or Goanna.
Choose your poison
Yes, that about sums it up all.