[hoytech]

Yes, exactly, otherwise buggy applications wouldn't be a big deal because we could run them on their own dedicated computers.

Section 2.5 of this paper has a good discussion on this: https://cr.yp.to/qmail/qmailsec-20071101.pdf