Securing a computer does not end at the Ethernet port. Once installed and trusted, a piece of code is basically free to access a lot of resources not really necessary (think of X).
This overexposure has become critical with container technology, where the border between the resources and virtual resources may be very confusing.
Using Firejail is a quick-win for each application, especially for browsers without sandboxing. It is easy to use and configure, and the impact on the system is very small.