You're right to frame bitcoin-powered Internet as creating a huge, new space of vulnerabilities. If lightning browsers uncritically call payment(request_data) then bad stuff will happen. People would have to develop rules to limit carefully what kinds of data they're willing to send and receive. Subversions of those rules, or the systems which enforce those rules, would immediately lead to costly and therefore quickly noticed attacks.
Bugs which caused such subversions would not be zero days because they'd be exploited in the wild by their discoverer immediately upon discovery, not hoarded and privately sold in a darkweb market. After all, someone else could find that bug and start profiting from it, exposing it for all to see and squash. The economic incentive (of a blackhat) is to exploit a networking bug immediately before someone else does. This gets bugs fixed faster.
"Data in payments", to use your evocative framing, makes networking more secure by changing the economic incentives of attackers to shorten the lifecycle of bugs. I think this kind of pattern recurs in other areas such as distributed databases. Think of key-value sets and gets in some giant cloud database that is actually just a market. The same zero-day killing behavior will occur there, too. This is how I see a bitcoin-powered Internet emerging over time :)
Interesting perspective. Thanks for sharing! I see what you’re saying a little more about vulnerabilities being exploited immediately…
What you’re proposing reminds me a bit of the scene at the end of Dark Knight Rises where Bruce Wayne can only make the leap without the rope… More lightheartedly, I call this the Claw of Shame fallacy 😆
In other words, it sounds like you’re saying people will choose lightning internet because it has better security, and it has better security because if it doesn’t, the worst case scenario will happen… and I think I’m either missing some reasoning or missing the technical explanation to justify it, because I’m not sure why people would voluntarily opt in to that in the long run, let alone be a guinea pig…
So I remain curious to see what kinds of solutions people are proposing and building, because I’m all for better security!