i'm not sure if you followed the stream of vulnerabilities in Adobe products over the past few years, in particular in their PDF reader, but Dan Walsh surely must have, as he specifically talked about preventing "untrusted content" from doing damage, and *not* about sandboxing maliciously written applications per se.
in other words, the implicitly stated threat model is about an attacker sending the unsuspecting user a specifically crafted PDF file that upon viewing would trigger an exploitable bug in the PDF reader and do whatever it wants. and he stated then that this sandbox would prevent that so that admins can "trust that the content can't cause the filter programs to do evil things". now since a kernel exploit is just regular code, i don't see how this sandbox prevents it. then this means that this sandbox is trivially breakable and that makes it useless against the implied threat model. or at least i don't think this sandbox involves asking the potential attackers "but do not include kernel exploit payloads in the prepared PDF files, pretty please" :).