Nitpick: sandboxing also makes sense for anything that executes untrusted code and similar. But the proper solution includes designing the sandboxing into the application, like Chromium does it. So this doesn't have much to do with the confused claims of those claiming that "Linux is insecure" and similar.