Yes, in reality you might use chroot, limited filesystem permissions, and a restricted shell as a belt-and-suspenders approach.