Gecko doesn’t have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one.
This seems to be the main thrust. GrapheneOS has a hardened WebView, that using a Gecko browser bypasses and adds more attack surface because you still have the WebView.
Outside of Graphene this is less relevant (because of the lack of hardening) and outside of mobile only the isolation comments are relevant, which they note are being improved rapidly in desktop.
Arguments in favour of using Gecko browsers are typically about preventing a single corporation from monopolising web standards, and having continued access to proper ad blockers, things that are not part of Graphene’s focus.
By GrapheneOS. Might they be wrong?
This seems to be the main thrust. GrapheneOS has a hardened WebView, that using a Gecko browser bypasses and adds more attack surface because you still have the WebView.
Outside of Graphene this is less relevant (because of the lack of hardening) and outside of mobile only the isolation comments are relevant, which they note are being improved rapidly in desktop.
Arguments in favour of using Gecko browsers are typically about preventing a single corporation from monopolising web standards, and having continued access to proper ad blockers, things that are not part of Graphene’s focus.