Well with qubes your security comes from VM isolation, so wouldn't that make using a gecko browser safer? If a browser exploit gets through the browser its stuck in a disposable VM with nothing else on it. Also the mullvad client is on another proxy netVM

Here's the other one I know of that has some degree of trust (non browser based also available)

https://pteo.paranoiaworks.mobi/en/

It says it is client side you could also download the page with what and open the html file for added assurance