kragen a day ago

I wonder if it's obsolete now that we have things like Wasm. I mean, in some sense, it's nothing new—the UCSD p-System, EUMEL, and Dijkstra's THE offered the same safety much earlier, just at a punishing performance cost.

Also, though, you could imagine a system that protected the hard disk from corruption without having to be involved every time the CPU accessed RAM. For example, you could warm-boot into a trusted executive every time you wanted to flush the I/O queue to the hard disk. Rebooting would reload the executive code from the disk and set a "supervisor" bit on the disk interface, which the trusted executive would clear before yielding control back to the untrusted user program.