I don't see this kind of sandboxing as likely to help. Whether your scripting language is compiled or interpreted, if any accessible portion of your system is written in a memory-unsafe language like C, that is where crackers will find the most damaging exploits. E.g., http://stackoverflow.com/questions/381171/help-me-understand... which attacks a native XML toolset (some "data binding" IE feature I don't understand) without breaking any javascript rules.