Let's say I'm using a `left-pad` function that someone else wrote, and I'm using a system in which modules aren't granted any authority except what you give them. If I then call
left-pad('foo', 5)
...I don't really have to worry that it'll go rummaging around my filesystem for my private keys and exfiltrate them somewhere. After all, I didn't give it access to my filesystem or the network! (Side-channel attacks notwithstanding, things get thorny real quick at that point.)

Now, you still have to worry about the function not being correct - it might return an empty string, it might go into an infinite loop, etc - but you've tremendously reduced the scope of what this module could do if the developer were malicious.
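
The model described in the comment above, as an added example that is not part of the original comment: Node's `vm` module stands in for a runtime where a module sees only what it is handed. The helper `callWithGrants`, the `audit` grant and the three sample modules are hypothetical and constructed for illustration; Node documents `vm` as not being a security mechanism, so this shows the authority model and not a production sandbox.

```javascript
const vm = require('node:vm');

// Run third-party source in a fresh context whose only globals are `grants`.
// Arguments cross the boundary as JSON, so no host objects leak in by accident.
function callWithGrants(source, args, grants = {}) {
  const context = vm.createContext(Object.assign(Object.create(null), grants));
  const code = `(${source}).apply(null, ${JSON.stringify(args)})`;
  // The timeout bounds the "infinite loop" failure mode the comment mentions.
  return vm.runInContext(code, context, { timeout: 200 });
}

// Constructed sample modules (not real packages).
const honestLeftPad = `function (str, len, ch = ' ') {
  str = String(str);
  while (str.length < len) str = ch + str;
  return str;
}`;

// Reports which ambient authorities it can see instead of padding.
const probingLeftPad = `function (str, len) {
  return [typeof require, typeof process, typeof fetch, typeof audit].join(',');
}`;

// Incorrect rather than malicious: never returns.
const loopingLeftPad = `function (str, len) { while (true) {} }`;

function demo() {
  const seen = [];
  let loopError = null;
  try {
    callWithGrants(loopingLeftPad, ['foo', 5]);
  } catch (err) {
    loopError = err.code; // the timeout surfaces as an error code, not a hang
  }
  return {
    padded: callWithGrants(honestLeftPad, ['foo', 5]),
    noGrants: callWithGrants(probingLeftPad, ['foo', 5]),
    oneGrant: callWithGrants(probingLeftPad, ['foo', 5], { audit: (m) => seen.push(m) }),
    loopError,
  };
}

console.log(demo());
```

With no grants the probing module finds no `require`, `process` or `fetch` to reach the filesystem or network with; the only thing it can see is the `audit` function when the caller chooses to pass it in.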