Security is a broad topic.

Here's how my perspective:

smolvm operates on the same shared responsibility model as other virtual machines.

VM provides VM-level isolation.

If the user mounts a directory with the capability of symlinks or a host OS with a path for guest software that is designed to escape - that is the responsibility of the user rather than the VM.

Security is not guaranteed by using a specific piece of software, it's a process that requires different pieces for different situations. smolvm can be a part of that process.