See my response at
https://github.com/endojs/endo/pull/1424#pullrequestreview-1244775356.
In summary, I don't believe this is an actual attack because:
1. Carol can detect the async context state of the callback's invocation, even if the callbacks are `===`.
2. Carol can censor the async context state to an empty state if she desired.
I think the current code as "not AsyncContext aware", but when they're added to the language, membranes will need to update. In fact, if we wanted to fully support a membrane across realms/computers/etc, the membrane would need to snapshot the current async context state when a callback is passed to the other side, so that it can be restored when the other side finally invokes that callback.