There is an avoidable pitfall in Factory usage.
The requester passes in a spacebank and if
that space bank buys and sells material from a general pool
(which is the current normal practice) than an unconfined
accomplice can obsereve the waxing and wayning of storage
and thus receive signals from code within the confined
environment. Banks can be configured to limit this
effect to zero or near zero at fairly small storage cost.
This "covert channel" was found by preliminary formal
security analysis.