Bug still unresolved since 2015 (cve-rs)?!

That seems to be the state of the art.

I like to think though that if I obtain untrusted Rust source code from some enemy's spy agency and if I disallow "unsafe" when compiling it, then the checks Rust puts in place render it harmless. It cannot perform I/O that I don't allow, it cannot get hold of memory I don't allow and so on. It should become as harmless as Javascript, except that it is all compiled in one go rather than interpreted or JITed.

Given the topic of this thread and whatever other bugs there may be in Rust's safety system, I guess we are not there yet.

However, there is at least one operating system that has been built in Rust based on that premise. It uses the language's safety features rather than hardware memory isolation between processes etc. Sorry, I can't recall what it is called or who developed it.