I agree with @lastmjs that this (just the potential of a wasm jail-break)is a significant serious security issue for EXISTING dapps on IC.
For example :
The NFT Cronic Critters have an average value of about 10 icp for about 600 odd critters today based on sale listing after removing the ridiculously priced critters from the average calculation. There are roughly 5000 critters currently in existence. These are worth 5000x10 = 50,000 icp. At current approx $60/ICP , this is roughly $3M USD at risk in ONE nft type. Isolating canister executing in a sandbox would substantially reduce the risk; even if there are no known instances of WASM jail breaks.
It will only take one successful jail-break to completely erase trust from the community that we have tried, so assiduously, to cultivate. I would anticipate that TODAY we have close to $30 m in just NFT assets that are under risk. This estimate is based on the ROM of 10 different NFTs that are estimated to be on the IC today.
While arguments could be made to say that we have never seen an jail-break successfully occur in the wild, the amount of money is sufficiently large that it will attract hackers. I would think that securing canister execution should BE AT THE TOP of the priorities.