
define "safe". :)


Running every kind of script will never corrupt the application memory :)


[deleted]


Well, if it's interpreted, the interpreter could sandbox the C code it's running, rather than passing it through directly to its own memory space.


That would kind of defy the whole premise of this thing, wouldn't it? The biggest and most sought-after "feature" of C is its speed and direct memory access (and simplicity, I guess).

If you take that away, what's left?


Depends on the application, but I could see some mixture of: 1) familiarity; 2) simplicity; and 3) minimal memory usage. Browsing the source code briefly, it really does look like it's an interpreter, with C structs representing Variables, Expressions, and so on.


Of course it is possible in an interpreter.

You simply need to verify each access before allowing it, much like Valgrind does.

Of course it's quite costly to do so, and since C gives the programmer a lot of freedom I guess it's hard to optimize the tests, i.e. to know which accesses are safe without explicitly keeping track.


Are you sure? Even Valgrind does not detect everything. E.g. when you mess up variables within your stack.


That's quite different. Sandboxing in an interpreter is actually fairly easy.


Ok, you are right.
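
The per-access check discussed in this thread, as an added example that is not part of any comment and not taken from the interpreter under discussion: guest variables live in an arena separate from interpreter state, guest pointers carry the object they were derived from, and every load or store is validated against that object, so an overflow from one variable into its neighbour is refused. All names (`guest_alloc`, `guest_access`, `Ptr`, `Obj`) are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical memory model for an interpreter of C (all names are assumptions). */
#define MAX_OBJS   16
#define ARENA_SIZE 256

typedef struct { size_t base, size; int live; } Obj; /* one guest variable */
typedef struct { int obj; ptrdiff_t off; } Ptr;      /* guest pointer: object + offset */

static uint8_t arena[ARENA_SIZE]; /* guest memory, kept apart from interpreter state */
static Obj objs[MAX_OBJS];
static int nobjs;
static size_t top;

/* Allocate a guest variable; returns obj = -1 when the arena or table is full. */
Ptr guest_alloc(size_t size) {
    Ptr p = { -1, 0 };
    if (nobjs == MAX_OBJS || size > ARENA_SIZE - top) return p;
    objs[nobjs] = (Obj){ top, size, 1 };
    top += size;
    p.obj = nobjs++;
    return p;
}

/* Mark a variable dead (scope exit or free); later accesses through it are refused. */
void guest_free(Ptr p) { if (p.obj >= 0 && p.obj < nobjs) objs[p.obj].live = 0; }

/* Pointer arithmetic is unchecked, as in C; only dereferences are checked. */
Ptr ptr_add(Ptr p, ptrdiff_t n) { p.off += n; return p; }

/* The check: the access must lie inside the live object the pointer came from. */
static uint8_t *check(Ptr p, size_t len) {
    if (p.obj < 0 || p.obj >= nobjs || !objs[p.obj].live) return NULL;
    const Obj *o = &objs[p.obj];
    if (p.off < 0 || (size_t)p.off > o->size || len > o->size - (size_t)p.off) return NULL;
    return arena + o->base + p.off;
}

/* Checked load (write = 0) or store (write = 1); returns -1 if the access is refused. */
int guest_access(Ptr p, void *buf, size_t len, int write) {
    uint8_t *m = check(p, len);
    if (!m) return -1;
    if (write) memcpy(m, buf, len); else memcpy(buf, m, len);
    return 0;
}
```

The cost raised in the thread is visible here: every dereference pays for a table lookup and two comparisons.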



