Because if there is a vulnerability in Lunatic, one Lunatic process could (in theory) gain access to another Lunatic process's data. Kernel-space processes protect against that through various mechanisms and their implementation has been battle-tested over decades.
The kernel has vulns all the time. It’s super complicated and complex and C—that’s the real problem. Lunatic is new and simple. I wouldn’t be surprised at all if Lunatic was more secure than the kernel.
Because if there is a vulnerability in Lunatic, one Lunatic process could (in theory) gain access to another Lunatic process's data. Kernel-space processes protect against that through various mechanisms and their implementation has been battle-tested over decades.