I know. My question is rhetorical. In a world where the only way to secure a VN machine is to reboot it every X seconds, at what point is reboot frequency so high that you might as well accept slower interpreters if it means you don’t have to reboot all the time? Or you run the kernel under a hypervisor and control the page security that way. JIT becomes a heavily scrutinized process between the kernel and hypervisor. JITed code is only ever executed in a clean address space. Etc. All the things browsers and kernels do poorly today.