Hacker News

That's not what GP is saying? The point, as I understand it, is that pretty much all formats that can't be processed in a single trivial pass have to at least be sandboxed w.r.t. their time and memory usage. So just because a format has more surface-level power doesn't necessarily have to do with how prone a processor is to security issues.

Indeed, my takeaway from your LangSec link is that formats shouldn't have complex grammars that leave holes open in parsers, not that formats can't represent powerful semantics. If you reach an exploitable hole in the parser, then you've likely already lost, short of the parser itself being sandboxed. Meanwhile, a TM bounded in time and space is just a finite state machine, not unlike all the other state machines in a typical processor.



Perhaps it would be useful to describe a program type that only does one pass through its source. No loops or function calls. It may be useful to describe a single block of reusable sections, which cannot refer to itself in whole or part, to reduce program redundancy. Or rely on compression algorithms to remove the need for even that. The one pass part would be something like a shader language.
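The one-pass program type proposed in the comment above, sketched as an added example that is not code from the thread or its participants: a validator rejects backward skips and any section that references a section, which makes a worst-case step count computable before anything runs. The instruction set, the names `validate` and `run`, and the sample program are all assumptions made for illustration.

```python
ARITY = {"push": 1, "add": 0, "mul": 0, "skip_if_zero": 1, "use": 1}  # hypothetical ops
class Rejected(ValueError): pass

def check_block(code, sections, in_section):
    """Validate one block; return its worst-case number of steps."""
    steps = 0
    for i, (op, *args) in enumerate(code):
        if ARITY.get(op) != len(args):
            raise Rejected(f"bad instruction at {i}: {op!r}")
        if op == "skip_if_zero":
            # Skips must move strictly forward and stay inside the block.
            if not (isinstance(args[0], int) and 0 < args[0] <= len(code) - i - 1):
                raise Rejected(f"non-forward skip at {i}")
        elif op == "use":
            # Sections never reference sections, so no recursion is possible.
            if in_section or args[0] not in sections:
                raise Rejected(f"illegal section reference at {i}")
            steps += len(sections[args[0]])
        steps += 1
    return steps

def validate(program, sections):
    for body in sections.values():
        check_block(body, sections, in_section=True)
    return check_block(program, sections, in_section=False)

def run(program, sections):
    bound = validate(program, sections)
    stack, steps = [], 0
    def exec_block(code):
        nonlocal steps
        pc = 0
        while pc < len(code):  # pc only ever increases
            op, *args = code[pc]
            pc, steps = pc + 1, steps + 1
            if op == "push":
                stack.append(args[0])
            elif op in ("add", "mul"):  # underflow raises IndexError, still halts
                b, a = stack.pop(), stack.pop()
                stack.append(a + b if op == "add" else a * b)
            elif op == "skip_if_zero" and stack.pop() == 0:
                pc += args[0]
            elif op == "use":
                exec_block(sections[args[0]])
    exec_block(program)
    return stack, steps, bound  # steps <= bound; stack depth <= bound as well

SECTIONS = {"double": [("push", 2), ("mul",)]}  # constructed sample input
PROGRAM = [("push", 5), ("use", "double"), ("push", 0), ("skip_if_zero", 2),
           ("push", 100), ("add",), ("use", "double")]
```

Because every step pushes at most one value, the same static bound also caps stack depth, so both time and space are known from the program text alone.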



