The way Haiku probably needs to go on security is to be more like recent versions of macOS and have the OS control access to certain directories/folders, prompting the user when software wants access to one of their directories. Similarly for network access. The nice and generic way to do this is with something called capabilities, which is actually a pretty old idea but it has had more of a resurgence in the last decade or so.
Capabilities could probably be added to the necessary syscalls that the kernel would enforce with maybe a userland server (registrar probably) caching capability choices per application.
Add a simple and secure login system for a single user plus disk encryption and I think things would be pretty secure (beyond of course bugs that could be exploited.)
Having multiple users would be lower priority in my opinion.