Right, but nobody actually uses curl as the end destination, right? You use it to download something so that you can run another tool on it.
And as such, you need to already be sandboxing the tool (since it processes untrusted data you received over the internet).
How would sandboxing curl help with vulnerabilities in your pdf reader?
Obviously, you need to sandbox all tools in the chain that handles untrusted data. This is security 101 stuff