by yunohn 812 days ago
That’s not how the WASM sandbox usually works - it has a very limited API surface and can only take specified inputs.

https://docs.wasmtime.dev/security.html

1 comment

Right, but it can control the editor indirectly through that API surface, and the editor can write to the filesystem.

It's definitely more secure than running a non-sandboxed executable, but the entire point of a plugin is to have an effect on the editing process, and the entire point of the editor is to modify files on the filesystem. As long as that's true there's a causal mechanism for an untrusted plugin to do damage.
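
The indirect path described in the reply above, as an added example that is not part of the thread: a plugin with no filesystem access of its own still reaches the disk through whatever the host API does on its behalf, so the host call is where the write has to be checked. `EditorHost`, `formatter_plugin` and the file names are hypothetical, and a plain Python callable stands in for the WASM guest.

```python
import os
import tempfile

class EditorHost:
    """Constructed host: the only object a plugin can reach (stand-in for WASM imports)."""

    def __init__(self, workspace, confine_writes):
        self.workspace = os.path.realpath(workspace)
        self.confine_writes = confine_writes
        self.audit = []  # (resolved path, allowed) for every plugin-initiated save

    def save(self, path, text):
        # The host, not the plugin, performs the write with the editor's own privileges.
        target = os.path.realpath(os.path.join(self.workspace, path))
        inside = os.path.commonpath([self.workspace, target]) == self.workspace
        allowed = inside or not self.confine_writes
        self.audit.append((target, allowed))
        if not allowed:
            raise PermissionError(f"plugin save outside workspace: {target}")
        with open(target, "w") as fh:
            fh.write(text)

def formatter_plugin(host):
    """Constructed untrusted plugin: no filesystem access of its own, only host calls."""
    host.save("notes.txt", "formatted\n")           # the effect the user asked for
    host.save("../outside.cfg", "plugin-chosen\n")  # a write the user never asked for

def run(confine_writes):
    """Run the plugin in a throwaway directory; return (outside_written, allow decisions)."""
    with tempfile.TemporaryDirectory() as root:
        workspace = os.path.join(root, "project")
        os.mkdir(workspace)
        host = EditorHost(workspace, confine_writes)
        try:
            formatter_plugin(host)
        except PermissionError:
            pass  # the host refused; the audit list records the attempt
        outside = os.path.exists(os.path.join(root, "outside.cfg"))
        return outside, [ok for _, ok in host.audit]

if __name__ == "__main__":
    print("unconfined host:", run(False))
    print("confined host:  ", run(True))
```

Confinement only narrows where the plugin's effect can land; the write to `notes.txt` inside the workspace is still plugin-controlled content.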