PHP is entirely managed and is "isolated", and yet PHP websites get hacked all the time, leading to the customer data being stolen.

well, then do a better job at it. I am not convinced you cannot have a virus free system.  for example, a system should always be talking to the OS producer, making sure that all of the binaries match what the producer installed on the system.