Maybe a stupid question, but: what is Wasmtime for? What kind of use-cases/applications does it enable and why is this good?

It's a way of running WASM code, which can be anything from anywhere, safely. It only gets access to the folders you let it access as a capability. It gets no access to anything else.

So, no matter how evil, or confused, the program is, you aren't risking your entire system. It's the best part of capability-based security.

Basically Java Security Manager for App Servers rebranded for a new generation.

Except Java has support for shared memory between threads, whereas WASM is single-threaded with message passing. Don't expect e.g. to implement a high-performance multi-threaded database in WASM anytime soon.

That's incorrect. WASM supports the exact same multi-threaded/shared-memory/atomic-operations model as the JVM: https://github.com/WebAssembly/threads