Do we do that?
Our view of security: currently, we don't provide any. The default user is root, it is impossible to run graphics app as any other user, and there are things in the API that allows escaping chroots (eg. the ability to open files by inode number). These are flaws we can't fix in R1 because changing these things would break compatibility with BeOS.
There has been no audit of the codebase and it is likely to have many problems. We will fix them as they are found and when it is possible without breaking binary compatibility. Otherwise we will take note and rework the APIs for R2.
If your interest is in security, Haiku is not exactly the worst choice (there are some other OS with still no memory protection at all out there...), but there are certainly a lot of better alternatives, both free and commercial.