WSL probably is good but I believe it still has access to the whole Windows file system.

Linux on ChromeOS is probably better because its file system is separate. Files and directories must be explicitly shared from the main OS.

I think both have the ability to open windows on the main desktop so you can run graphical IDEs and the like in the VM which is nice.

The filesystem access is optional and can be removed, WSL2 is actually a fairly nice implementation of a linux sandbox that can be used like it's just running alongside windows. I think your concern is valid for WSL1, where the seperation is managed by a Microsoft provided Windows driver, but WSL2 is just a VM with dynamic memory allocation, so you can lock it down basically as well as any other Hyper-V VM, it just has a lot of integrations enabled by default.