
Things are bad, so make no attempt to better or even avoid worsening them?



Yes! Having two architectures, one meant to securely run in a “zero trust” environment, and one meant to run at max speed while assuming inputs and code can be trusted (or will never have the opportunity to be executed such as in an airgapped environment) is reasonable. You can even combine the two and we do in practice, as seen with hardware security modules. At a grocery store you will see a lower security cash register with many functions and features connected to a higher security card reader that does a very small number of things.

An essential part of security is scoping. The door to the safe is higher security than the door to the bank. Speed & convenience & cost are paramount at the entrance to the bank, and security is paramount when it comes to securing the cash at the bank. We don’t act as though high security is always warranted when it comes to physical security, so why would it always be warranted when it comes to computer security? Sacrificing speed and convenience is willfully inflicting a denial of service on yourself; it’s only worth it if it’s less bad than the probable alternative.

Every personal computer sold has massive security flaws with only the most severe issues getting papered over and yet most people don’t have issues because the world isn’t actually all that hostile.


Anything can be made to sound wrong or right if you get abstract and vague enough.

We shouldn’t sacrifice something for nothing.


A considerable amount of effort goes into mitigating side channels precisely because it isn't for nothing.
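The trade-off the comment above is about, shown as an added example that is not from the thread: an early-exit secret comparison is cheaper than a constant-time one, but it leaks how many leading bytes matched, and an attacker who can observe that recovers the secret byte by byte. The secret, the alphabet and the "bytes examined" oracle (a stand-in for elapsed time) are all constructed for the example.

```python
"""Added example: what a side-channel mitigation buys.

Two ways to compare a secret token against an attacker-supplied guess:
  - early_exit_compare: stops at the first mismatch (fast, leaks matched prefix length)
  - constant_time_compare: touches every byte (slightly slower, leaks nothing about position)

Rather than measuring wall-clock time, the leak is modelled as the number of
byte comparisons performed, which is what a timing side channel ultimately measures.
SECRET and ALPHABET are constructed for this example, not real credentials.
"""

SECRET = b"s3cr3t-t0k3n-abcd"                      # constructed example secret
ALPHABET = b"abcdefghijklmnopqrstuvwxyz0123456789-"  # characters the attacker tries


def early_exit_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Returns (equal, bytes_examined). Work done depends on the matching prefix."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:
            return False, examined        # data-dependent early return: the leak
    return True, examined


def constant_time_compare(secret: bytes, guess: bytes) -> tuple[bool, int]:
    """Returns (equal, bytes_examined). Always examines every byte; mismatches are
    OR-ed into an accumulator so there is no data-dependent branch in the loop."""
    if len(secret) != len(guess):
        return False, 0
    acc = 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        acc |= a ^ b
    return acc == 0, examined


def recover_with_leak(compare, secret: bytes) -> bytes:
    """Attacker model: the only observables are how many bytes the comparison
    examined (a proxy for elapsed time) and the final accept/reject. For each
    position, keep the candidate that makes the comparison run longest; ties are
    broken by 'accepted', which settles the final byte."""
    n = len(secret)
    recovered = b""
    for pos in range(n):
        def score(c: int) -> tuple[int, bool]:
            # '?' padding is outside ALPHABET and SECRET, so it never matches by accident
            guess = recovered + bytes([c]) + b"?" * (n - pos - 1)
            equal, examined = compare(secret, guess)
            return (examined, equal)
        recovered += bytes([max(ALPHABET, key=score)])
    return recovered


if __name__ == "__main__":
    print("early-exit  :", recover_with_leak(early_exit_compare, SECRET) == SECRET)
    print("constant-time:", recover_with_leak(constant_time_compare, SECRET) == SECRET)
```

Against the early-exit comparison the attacker needs at most `len(ALPHABET) * len(SECRET)` guesses instead of `len(ALPHABET) ** len(SECRET)`; against the constant-time one every candidate scores the same and the loop recovers nothing. In real code use `hmac.compare_digest` rather than a hand-rolled loop, since the interpreter can still introduce data-dependent timing that this instrumented model does not capture.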


The front door is already open. Let’s open the bedroom window if we want more fresh air there.


How about "One size doesn't fit all." ?



