Complexity is the enemy of security and there’s nothing more complex than the general-purpose computer: the gnarly hairball of Turing completeness that lets attackers exploit your lightbulbs to attack your printer so it opens a reverse shell to their C&C box.
To a first approximation, a computer that can’t run bad programs is a great answer: just design a cellphone that can’t run FBI-proof encryption, or a set-top box that can’t run a Netflix streamripper. Mission accomplished!
The problem is, the Turing Complete Minus One computer doesn’t exist; instead, these ideas always end up being rootkits by another name: a device whose non-admin-accessible hypervisor spies on everything you do and tries to terminate any “bad” processes.
This is a catastrophically bad idea. What’s worse is that corporations and governments are converging on a set of incentives to implement this technologically bankrupt idea in everything with a system-on-a-chip, from your toaster to your tractor to your pacemaker to your car.