I have this feeling that one day we'll look back in a sort of amused horror that people used to let their browsers run code they downloaded from unknown servers. But I'm not really sure what we'll be doing instead of that.
IMO, this is really important and system application security is not in much better shape than web browser security; you still need to trust a huge number of sources and these sources have known security issues regularly. For that matter, it is probably not that difficult to insert known vulnerable code into some widely used application without it being detected. While there will always need to be some trusted code, it is possible to limit the amount of trusted code and the number of sources that code comes from given better OS security models.
Since hardware and firmware can also be subverted, IMO a new security model should also be able to track and limit what network traffic is intended so that the network traffic actually generated can be (potentially) verified by additional machines on the network and/or by other verifier virtual machines on the same system.
