You can sandbox php by changing the context the thread is running in before entering the plugin code. The issue is that there’s (currently) no delineation between internal code and plugin code (actions / filters) and changing back out of that context without a plugin doing the same to escape the sandbox.