I'm not having a debate because I'm quite ignorant of the subject. Just trying to learn from you: wouldn't recoverability and observability suffice instead of sandboxing, if such events are indeed rare? not necessarily for all usecases, but for most?