The world will take some time to adapt to correct security mechanics, just like all other software worlds did. The security harness is not only a security harness, its a whole layer that abstracts away access to the operating system.
I'm assuming you mean SELinux style sys call blocking. I think you need both - syscall blocking for the system/deno layer, which enables app layer security in deno itself. That would be the composition-over-inheritance / functional approach.
