Beyond a doubt the people who are best at security are the ones who are largely in favor of correctness over all else. That said, there are some very good security researchers who are in support of isolation. OpenBSD is pretty strongly against it actually, they don't have mandatory access controls either pretty much as close as they get is systrace and the standard permissions system. It isn't like FreeBSD is made by a bunch of fucktards who have no idea what they are doing, and in fact even some of the people who are in the correctness-only-fuck-everything-else camp have good things to say about FreeBSD jails as opposed to other sorts of similar isolation based techniques. You need to know the limitations of virtualization. Using things like Virtual Box can hurt your security, especially if you are using it willy nilly with no good reason, like you are running everything inside the same VM. In these cases you are taking a security hit and you are not getting any real advantages. I like the idea of running Tor on the host with network facing applications isolated in a virtual machine, although I do suggest doing this with hardware which gives all of the same benefits without any of the hits to security that come from virtualization. Also keep in mind that different types of virtualization have different security benefits and disadvantages to weigh. At the end of the day a very skilled attacker is going to laugh at your virtual isolation and break right out of it, but lesser skilled attackers are going to be stopped by it. In fact there have already been cases where running web servers isolated in virtualbox VMs prevented the feds from deanonymizing hidden services that they managed to hack into, because they couldn't break out of the isolation and only gained access to internal IP addresses.