Re: Same process = no problem @Traveller
I think the issue that your are touching is much broader. If you host a service (e.g. a web browser) that expose a Turing machine (e.g. a javascript engine) to external parties (e.g. websites), then you need to be very careful about what is available to that Turing machine. Ensuring that code is not able to exploit speculative execution bugs in that closed environment should be easy (and to my understanding it has been solved).
With regards to scheduling, then it would be similar to being NUMA-aware when scheduling.