felixge / node-sandboxed-module

A sandboxed node.js module loader that lets you inject dependencies into your modules.

Untrusted modules?

billinghamj opened this issue

Obviously not looking for any guarantees...

Looking to understand if this is reasonably suitable for the purpose of running untrusted code and only allowing it access to specific data, not allowing access to the system/process/filesystem/runtime/etc.

I don't think so. There are some pretty easy workarounds for that kind of thing, e.g. accessing anyObjectFromTheOutside.constructor("this") to get the outer global. For proper lockdown you should use something like Google Caja's SES. @kriskowal has a port of that over at https://github.com/drses/ses although it has an ominous status warning at the top.
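The leak described in the reply above can be checked for without exercising it. The following is an added example, not part of the original thread and not sandboxed-module's own code: it uses Node's built-in vm module as a stand-in for an in-process sandbox, and PROBE and leaksHostRealm are hypothetical names. The probe walks what the sandboxed code can reach from an injected value and reports whether any of it was created outside the sandbox.

```javascript
const vm = require('node:vm');

// Runs inside the sandbox realm. Walks everything reachable from `dep`
// (own properties, accessors, prototypes) without calling any of it, and
// reports whether some object does not inherit from this realm's
// Object.prototype, i.e. it was created outside the sandbox.
const PROBE = `(function () {
  const seen = new Set(), stack = [dep];
  while (stack.length) {
    const v = stack.pop();
    if (v === null || (typeof v !== 'object' && typeof v !== 'function')) continue;
    if (seen.has(v)) continue;
    seen.add(v);
    const proto = Object.getPrototypeOf(v);
    // Conservative: a non-null chain that misses our Object.prototype is foreign.
    if (proto !== null && !Object.prototype.isPrototypeOf(v)) return true;
    stack.push(proto);
    for (const key of Reflect.ownKeys(v)) {
      const d = Reflect.getOwnPropertyDescriptor(v, key);
      stack.push(d.value, d.get, d.set);
    }
  }
  return false;
})()`;

// Hypothetical helper: expose `dep` to a fresh context and run the probe.
// With copy=true only a JSON string crosses the boundary and the object is
// rebuilt inside the sandbox realm.
function leaksHostRealm(dep, { copy = false } = {}) {
  // Null-prototype context object, so the context itself carries no host prototype.
  const ctx = vm.createContext(Object.create(null));
  if (copy) {
    ctx.json = JSON.stringify(dep);
    vm.runInContext('globalThis.dep = JSON.parse(json)', ctx);
  } else {
    ctx.dep = dep;
  }
  return vm.runInContext(PROBE, ctx);
}

// Constructed sample inputs.
const config = { user: 'alice', roles: ['read'] };
const bare = Object.assign(Object.create(null), { user: 'alice' });
const withFn = Object.assign(Object.create(null), { log: () => {} });

console.log(leaksHostRealm(config));                 // host object graph: true
console.log(leaksHostRealm(bare));                   // primitives only: false
console.log(leaksHostRealm(withFn));                 // one injected function: true
console.log(leaksHostRealm(config, { copy: true })); // rebuilt in-realm: false
```

A false result only rules out this one class of leak for the value tested. Node's documentation states that the vm module is not a security mechanism, so untrusted code still belongs in a separate process or a hardened runtime such as the SES approach mentioned above.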

Awesome thank you :)

I’ve been kinduh waiting for a better vm module for SES. Maybe I should revisit SES on iojs.