Sure it's a game engine, they are not exactly praised for their security. but my understanding is for games the end user has a mental modal where the engine isolates the users computer from the game content (the levels, art and game logic) I am not sure how relevant this mental model is to unity. Where unity is more of a game engine framework and the engine proper and the game code are more or less intertwined within that.

The gold example is the original quake where the engine had an application specific vm to run the game code. Again, not security focused and I am fairly sure vm escapes would be easy to find. But I also don't remember ever hearing news how a quake mod installed a rootkit on someones pc.