Naturally no sane wallet dev should be sending the seed to the server. But if the wallet's code, whether distributed as WASM, JS, PHP, or anything else is served over HTTPS, then the user's seed can also be compromised by the server if it simply serves the client malicious code.

Also, whether the code is open source or not has zero bearing on the code actually served to clients' browsers.