There are no verifiably sandboxed environments on any consumer IT equipment.

The $0.99 game I downloaded does not have the ability to inject keylogging code into my bank management application

It might do.

Implementing applications as the moral equivalent of a highly-dynamic text document

I wasn't aware that moral equivalence was such an issue in dynamic text. Oh, that kind of dynamic text, you should have said. There's some tissues in the cupboard.

nerds keep pushing it because it seems like a cool plot to a sci-fi novel

Nope. Not enough spaceships, lasers or robots.

If they actually cared about security, they'd disable Javascript, disable Flash, disable WebGL, and turn Chrome back into a web browser

All of those bar webGL precede chrome by lots. And on that model of security, you might as well just not bother plugging in the computer in the first place.

I do want a cardboard boat though. I wonder if Shigeru Ban will make one if everyone asks him really nicely.