We’ve learned that most software that we run on our computers shouldn’t be completely trusted and most users can be tricked into running malicious software. Pretending that supply chain attacks don’t exist isn’t security either.

The ability to sandbox software (with a lot of effort) means that you can run software you don’t trust. The web is built on this.