Sounds reasonable to me. This layers the software so that two cracks are required instead of one to get the goodies. This assumes that the "goodies" is full access to the users actual computer via a content exploit. (i.e. user reads a page on a site and now a bad guy reads their tax returns) Like any scenario, security practices play a much bigger role than the technology.

Ouch. Thinking about this has hurt my head.