In particular, a malicious user should not be able to poke about in memory, read from disk, or access the network. Because if they can find a way to do so, they will!
