>>45
PHP is so popular is because it's easy to lock down for a webhost that wants to isolate its users from each other.
But this is flat out false, safe_mode is deprecated for a reason: because they, as usual, had no clue what they were doing. What you are thinking of most likely is chroot, all languages can "do this correctly" because everything can be chrooted. Even the cheapest shared hosting plans of the cheapest hosts still support CGI like they did 15 years ago.
For the most flexible yet proper methods of isolation on the runtime level you can only consider languages with environment specified evals, like Lua and Schemes that implement it. A JavaScript process is a sandbox on its own, but it can't make sandboxes with eval that I'm aware of.