Urbit is not secure today, but we do know how to secure it.
The most important effort is userspace permissions, which provides a security model for the barrier between different applications running in userspace, as well as the interface between userspace applications and the kernel.
Sandboxing browser clients will complete permissions enforcement for Urbit applications.