Apps are sandboxed, but WebKit runs outside the sandbox with additional privileges such as JIT and multiple processes and communicates with the app through IPC. This change is allowing third-party code to also run with these privileges as long as they follow certain security standards.
iMessage has also been the main source of hacks for iPhones for years if not decades. Apple really struggles with securing iMessage.
It definitely does not need to run all the time; it could be woken up by an incoming notification like all other apps (and I hope that is how it actually works).