I'm suggesting that every single application prior sandboxing was not safely distributed. It's not like anyone had a choice, there was an age before airbags.
I also disagree that extensibility is in conflict with sandboxing. As for pro media software developers, I'm pretty sure it's just a matter of time and polishing of the platform. AutoCad LT is already in.
I'm not sure why the Mac App Store represents the high water mark for safety (as opposed to a secure server maintained by the people who actually developed the software or MacPorts/Fink/Homebrew) but whatever.
Many popular audio plugins are themselves plugin hosts (just off the top of my head, Native Instruments' Reaktor, Maschine, and Guitar Rig and Five12 Numerology match that description). In this context, wouldn't that require nested sandboxes? You're sure you don't see any potential conflicts there?
I also disagree that extensibility is in conflict with sandboxing. As for pro media software developers, I'm pretty sure it's just a matter of time and polishing of the platform. AutoCad LT is already in.