True, and I'll buy that argument if your main firmware is memory safe (Rust, verified C or something else without an unsafe C runtime underneath). Otherwise it's just mine vs someone else's C, and people have traditionally been overconfident on theirs.
Strong isolation gives fault tolerance not otherwise available, no matter the language. If one part crashes, the other part is not necessarily affected, unlike the situation without good isolation.
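As an added illustration of the point above (not code from either commenter), the following C program uses a POSIX process boundary as a stand-in for whatever isolation mechanism a firmware actually has (separate cores, MPU regions, a separation kernel). The component names and the deliberate NULL dereference are constructed for the example. The faulty component dies from its own bug while the caller in the other process observes the crash and carries on:

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of running one component inside its own process. */
typedef struct {
    int crashed;  /* 1 if the child was killed by a signal (e.g. SIGSEGV) */
    int signo;    /* the terminating signal when crashed == 1 */
    int status;   /* the child's exit code when it returned normally, else -1 */
} iso_result;

/* Run fn in a forked child so that a memory-safety fault in fn cannot
 * corrupt or terminate the caller: the fault is contained by the process
 * boundary and reported back as data. (Hypothetical helper for this example.) */
static iso_result run_isolated(int (*fn)(void))
{
    iso_result r = { 0, 0, -1 };
    pid_t pid = fork();
    if (pid < 0)
        return r;                   /* could not isolate; report as not run */
    if (pid == 0)
        _exit(fn());                /* child: run the component, never return */

    int wstatus = 0;
    if (waitpid(pid, &wstatus, 0) < 0)
        return r;
    if (WIFSIGNALED(wstatus)) {
        r.crashed = 1;
        r.signo = WTERMSIG(wstatus);
    } else if (WIFEXITED(wstatus)) {
        r.status = WEXITSTATUS(wstatus);
    }
    return r;
}

/* Constructed "someone else's C": a plain NULL-pointer write.
 * volatile keeps the compiler from optimising the store away. */
static int faulty_component(void)
{
    volatile int *p = NULL;
    *p = 42;
    return 0;
}

/* Constructed well-behaved component that simply reports a value. */
static int healthy_component(void)
{
    return 7;
}

int main(void)
{
    iso_result a = run_isolated(faulty_component);
    iso_result b = run_isolated(healthy_component);

    /* The caller is still alive to print this, regardless of a's fate. */
    printf("faulty:  crashed=%d signal=%d\n", a.crashed, a.signo);
    printf("healthy: crashed=%d status=%d\n", b.crashed, b.status);
    return 0;
}
```

The same NULL write executed in the caller's own address space would take the whole program down; run behind the boundary, it is reduced to a status the survivor can act on (restart the component, degrade, log). On a bare-metal target the boundary would be an MPU/MMU region or a separate core rather than fork(), but the fault-containment property being argued for is the same.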