For a related concrete example, I think there were some interesting suggestions for making templates without network infrastructure in an earlier topic:
I believe that removing functionality from inside the template does not guarantee there are no ways for mistakes/compromise to have bad effects, but it can make it much less easy - both for it to happen, and for it to have the worst outcomes. It can be combined with other functions outside the AppVM to enhance protection from some risks.