Font downloading and things which have semi-executable properties are a problem, yes. Otherwise we'd share PostScript Bézier curve fonts.


Turing-completeness has nothing to do with safety. XML parsing isn't Turing complete, AFAIK, yet external entity resolution is a problem. PostScript is Turing complete, but I think it can be properly sandboxed; it's a VM with no IO other than "pages" that it can draw on.


Langsec https://langsec.org/ would like to have a word with you about your view that only Turing-completeness is a problem and you can solve all security issues with overpowered config formats by just chucking them in a sandbox.


That's not what GP is saying? The point, as I understand it, is that pretty much all formats that can't be processed in a single trivial pass have to at least be sandboxed w.r.t. their time and memory usage. So just because a format has more surface-level power doesn't necessarily have to do with how prone a processor is to security issues.

Indeed, my takeaway from your LangSec link is that formats shouldn't have complex grammars that leave holes open in parsers, not that formats can't represent powerful semantics. If you reach an exploitable hole in the parser, then you've likely already lost, short of the parser itself being sandboxed. Meanwhile, a TM bounded in time and space is just a finite state machine, not unlike all the other state machines in a typical processor.


Perhaps it would be useful to describe a program type that only does one pass through its source. No loops or function calls. It may be useful to describe a single block of reusable sections, which cannot refer to itself in whole or part, to reduce program redundancy. Or rely on compression algorithms to remove the need for even that. The one pass part would be something like a shader language.


PostScript is Turing complete. You can play Zork with a Z-machine emulator written in PS.

