The biggest advantage of a virtual machine is that you can configure it so that it doesn't know your external IP address, and thus an attacker who roots it cannot determine your external IP address unless they break out of it. Virtual machines also have their own list of disadvantages though, it seems to be pretty much accepted that a system running in a virtual machine is more vulnerable to being rooted in the first place, as compared to a system running directly on top of physical hardware. There are also different pros and cons for the various sorts of virtual machine. If you are not going to use a virtual machine for isolation, it seems like it is counter productive to security without any benefit. If you use a virtual machine for isolation, you gain a lot in some ways and lose a lot in others. If you are going to use a virtual machine you should probably make sure never to type your shipping address inside of it, as long as you encrypt shipping address outside of the VM and transfer it into the VM in a secure way, I think the benefits outweigh the disadvantages. One technique is to use ISO's to transfer data into the VM from the host, so you can have your encrypted address on the host then put it on an ISO and then load the ISO to your VM. Pretty sure you can send public keys from the VM back to the host in such a way as well. Technically it breaks the isolation to do this, just as it would if you had a shared folder, but things seem to boil down to this: A. Your virtual machine is significantly more likely to be rooted than the same setup would be if it wasn't in a virtual machine B. An attacker who roots your virtual machine can be made far less capable than an attacker who roots your host to me the primary risk of having your VM rooted is that the attacker could intercept your plaintext shipping address, but as long as you have that base covered then it seems like the ability to protect your IP address from hackers is a big win. Not only will isolating your network facing applications in virtual machines protect you from essentially all possible accidental IP address leaks, but it will also protect you from even pretty sophisticated hackers getting to your IP address or host machine. And just to reiterate once again, it wont matter if they cannot get to your host OS or your IP address if they can intercept your shipping address in plaintext, so make sure to cover that base if you use virtual machines for isolation.