Yeah - it basically comes down to accepting random binaries from random people, which is really not a good idea unless you have a very good sandboxing.

And good sandboxing that does not reduce all applications to toys due to blocking critical functionality is hard...

That's why most "normal" Linux distros accept software to their repositories in a source form only & require it to built on the distro managed infrastructure. While this is also not foolproof (you would have to read & audit the complete source code of all the software you accept to be 100% sure), it's still much better than accepting random binaries.

I would kinda assume it at least does the standard Android sandboxing (running apps separately, each, under it's own user, etc.). On the other hand it is indeed proprietary, so all bets are off - they might as well have left it out to make the emulation easier/faster etc. And we have no way (well, no easy way) of checking for that.