Caterpillar

If anything that can be the source or target of I/O operations is represented as a value, then code is sandboxed by default. A third-party library can't log your keystrokes and send your password to a server, unless you pass it the values that represent the respective resources.

At the top-level of your application, the host can provide you with all the I/O resources that are available. It is your job then, to hand those out to the code that needs them. Maybe further restrict them, to provide access to a specific directory instead of the whole file system, or a specific server address instead of the whole network.

All of this may become a bit tedious at times. But I'm convinced that the benefits to security, but also the developer's ability to understand a piece of code at a glance, are going to be worth it.