Hmmm, apparently QEMU has support for the confidential computing extensions from Intel/AMD. So maybe you would be able to run a tilde and enable people to run small VMs that could not be snooped/tampered with even with root on the host.

I think no one cares about this, but I think it's pretty cool and it would expand what one can do in a tilde.