[Xuzz]

That's incorrect. All apps are sandboxed — Safari most of all, in fact — comex just found ways to break out of the sandbox, usually by exploiting something in the iOS kernel.

In addition, while it is possible to make the dock connector power only, it's only possible as of iOS 5 (with WiFi syncing). Also, that dramatically increases the cost of repair: a single corrupted file can't just be fixed in a quick bootloader-level restore, it requires reprogramming the entire device at the factory (let alone the difficulty of simply transferring a large music library from a computer without USB).

It's definitely not "simple" for Apple to make jailbreaking more difficult than they have. iOS 4.3+ include all of the security measures you'd expect in a modern OS: W^X, ASLR, codesigning, etc. And still it was possible to evade those and exploit the browser+kernel in a foolproof, web jailbreak.

(I designed the website for http://jailbreakme.com/, and while comex did put a crazy amount of work into that project, it is certainly possible that someone could repeat it.)