Yes, I am a professional software developer, and I know what a "Sandbox" is. And I know the code it the typical browser is so complicated that its impossible to know exactly what it does, especially since they accept "broken HTML" by choice.
That's why Safari's sandbox has been bypassed before, as in the case with this vulnerability (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism ...).
And don't think I am taking this out on Macs, because I just happen to own a few, and my primary dev box is a MacBook Pro with Yosemite.
My point is, running remote code in a browser is dangerous, period.
And Safari is Version 8.0.3