There are some folks however who do see the advantage in running things
as compartmentalized as possible. For example: should I ever
accidentally attempt to open a PDF in my mail qube, nothing bad can
happen because there is nothing installed that could open it.
I strive to come as close as workable to a 1 qube per app/domain,
because that is obviously safer. What’s not there can’t be exploited or
exfiltrated or even shared/leaked by mistake.