on your second point, check out how we lock down the sandbox with a custom deno runtime! https://github.com/portofcontext/pctx/tree/main/crates/pctx_...
on third, will def get some benchmarks out... we setup OTEL so we have the data