> which causes arbitrary code to be executed on your system, which might
> then do something like install a spam bot or post your private keys to
> some irc channel.
...or exploit a kernel bug, disable SELinux, escape the sandbox and all the other bad things you're saying you're protecting users from.
> This is an application of the principle of least privilege[...]
Instead it's giving innocent users a false sense of security. But if you actually believe your own statements, you're free to give the whole world arbitrary code execution rights on your personal box and see how long it'll last ;).