It's a good question. I talked to Gleb and Avi about this a few months back, and I came away with
the impression that it was safe. _However_ rereading their responses this morning, I'm now not so
sure it provides isolation between users who have VMs on the same system, so I guess I'm going to
have to dig into the code and check it myself.