My biggest issue is that most apps need filesystem and network access these days. And the permissions aren't fine grained enough in terms of how they're limited.
If filesystem access could be limited to constrained directories and files via configuration for read-only and read/write, it would be a better option. Likewise, if network access could be constrained to specific IPs or named addresses with wildcard matching.
With those options to whitelist your resources, if anything (rogue modules) tries to do otherwise, the application can blow up with an error informing as much.
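As an added illustration of the allow-list model described in this comment (not code from the commenter or from any particular runtime), the following Python sketch shows what such a policy could look like in practice: separate read-only and read/write filesystem roots, network targets matched with shell-style wildcards, and a hard error on anything outside the list. Paths are canonicalised before comparison so that `..` segments and symlinks cannot escape a root, and the root check requires a path separator after the root so that `/opt/app/config-secret` is not mistaken for `/opt/app/config`. All paths, hosts and the `AccessPolicy`/`PermissionDenied` names are constructed for the example.

```python
import fnmatch
import os
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Raised when an access falls outside the configured allow-list."""


@dataclass
class AccessPolicy:
    # Directories or files the program may only read from
    read_only: list = field(default_factory=list)
    # Directories or files the program may both read and write
    read_write: list = field(default_factory=list)
    # Allowed network targets as "host:port" patterns (fnmatch wildcards)
    net: list = field(default_factory=list)

    def _roots(self, mode):
        # Read/write roots satisfy both modes; read-only roots satisfy reads only
        roots = list(self.read_write)
        if mode == "r":
            roots += self.read_only
        return [os.path.realpath(r) for r in roots]

    def check_fs(self, path, mode="r"):
        # Canonicalise first so "../" and symlinks are resolved before matching
        real = os.path.realpath(path)
        for root in self._roots(mode):
            # Exact match, or strictly inside the root (separator required so a
            # sibling directory with the same prefix does not match)
            if real == root or real.startswith(root.rstrip(os.sep) + os.sep):
                return real
        raise PermissionDenied(f"fs {mode}: {path!r} is outside the allowed roots")

    def check_net(self, host, port):
        target = f"{host.lower()}:{port}"
        if any(fnmatch.fnmatchcase(target, pat.lower()) for pat in self.net):
            return target
        raise PermissionDenied(f"net: {target} is not in the allow-list")


def build_policy():
    # Constructed example configuration: config is read-only, data is writable,
    # and only one external API plus internal hosts on 443 are reachable.
    return AccessPolicy(
        read_only=["/opt/app/config"],
        read_write=["/opt/app/data"],
        net=["api.example.com:443", "*.internal.example:443"],
    )


def is_allowed_fs(policy, path, mode="r"):
    """Boolean view of check_fs, convenient for callers that only need yes/no."""
    try:
        policy.check_fs(path, mode)
        return True
    except PermissionDenied:
        return False


def is_allowed_net(policy, host, port):
    """Boolean view of check_net."""
    try:
        policy.check_net(host, port)
        return True
    except PermissionDenied:
        return False


if __name__ == "__main__":
    policy = build_policy()
    # A module that strays outside the allow-list trips the error immediately
    try:
        policy.check_fs("/opt/app/data/../../../etc/passwd", "r")
    except PermissionDenied as exc:
        print("blocked:", exc)
```

The `check_*` methods are the enforcement points; in a real system they would sit in front of the file-open and socket-connect calls rather than being invoked by hand, and the policy would be loaded from configuration rather than built in code.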