VST plugins can execute whatever code they want once called by the host, so the only obvious way of sandboxing them is to have a separate process (bridging) per plugin. In fact, that's how the VST loaders in other hosts (eg. Buzz) have been doing it for many years. This inevitably introduces some overhead due to inter-process communication and synchronization, but it sounds like the sandboxing can be activated or deactivated here as well, so you have the choice between "fast and dangerous" vs. "slow but safe".

And since Tracktion is one of the flagship JUCE users, I'm willing to bet they're using the JUCE interprocess classes:

https://docs.juce.com/master/group__juce__events-interproces...