I affirmatively argue that actually secure computing is not a possibility. It's fun to build toy models where every process has exactly the permissions it needs and no more, sure. In the real world, your users are going to grant superuser/admin permissions to random installers, and they're not going to perform the complex verification rituals you told them to do beforehand.

It's like trying to set up a warehousing system so perfect that the shrinkage rate is 0.