Hardware virtualization is cheating by using unsecure enhancements. Like 90% of existing CPUs have security vulnerabilities, that must be patched in OS.
We can have this discussion when hardware gets a few years without major security flaw!
Downloading random code from internet is just normal development on Mac. Brew, npm and other sorts of "package managers".
I have code, passwords and certificates separated in virtual machines, even IDE GUI app is virtualized, and has no rights to access GitHub, internet or filesystem directly.
But I get a lot of flack from coworkers. They say it is unintuitive and uses x86 CPU which is uncool. Mac has no reasonable VM software or secure containers!