Also it's also not what most people mean by "untrusted". From a low level hardware standpoint though... assuming user-land code isn't trustworthy IS a good guideline.