It's outside of the threat model. Currently the whole stack assumes that the code is trusted. Even something like cargo metadata
can execute arbitrary code (Security breach with Rust macros - #4 by matklad), and you can't reasonably sandbox that, as it needs network, write access to disk and ability to spawn external processes.
3 Likes