We already have a way to do this. See http://lwn.net/Articles/353203/, where Dan Walsh explains how to sandbox Acroread using SELinux. No speed hits required, and it catches more things than just boundary errors.
I still think that a seccomp-based solution would be the way to go. Similar to what Google did with Webkit in Chrome. That would not require SELinux to be enabled (it's not available on my current distribution) and would be a true upstream solution.