Yes, it demonstrates that it's possible to harden well - at least for some cases. It appears depending on the environment hardened kernel / runtime environments are pretty much possible to have safeguards working today already.

> desktop Linux doesn't (and won't for UX reasons)

Can you elaborate?