OSes are getting hardened with a per-app security model (instead of per-account which you describe). Hardening Firefox so that it won't compromise itself through XPI (which are opaque to the OS) is part of a defense in depth strategy. Security policies can prevent applications from scribbling over each other's memories as a general rule, whereas attaching security labels to profile directories requires targeted policies that are much more fragile and full of false positives.