I don't think user facing programs needs to be hermetic. If you want to limit behavior of a software there's always AppArmor and SELinux.
Trying to make a set of applications can't interact on an (desktop) environment which built on the promise of cooperation and inter-application communication is backwards from my perspective.
I understand that the browser is a significant vector for attacks, but there are other and more elegant ways to counter these attacks, and these can be layered from application itself to kernel and to hardware. This layered approach is more integrated, universal and applicable to a broader surface area in the OS and application stack.
<rant> Romanticizing isolation and immutability, trying to apply it everywhere in the software stack is a big step backwards in usability and productivity. These technologies are useful in some (and mostly in) server/service scenarios. Trying to apply these principles to everywhere is akin to only having a hammer and seeing everything as a nail. Just because they're easy, they're not the correct and best solution for anything and everything. Maybe we shouldn't be that lazy and try to create more useful and transparent user sandboxes built on cgroups, SELinux and AppArmor, and works with the package managers or traditional distro layouts seamlessly. </rant>
