As I recall, the issue they meant to address wasn't security but stability. Apparently a majority of BSODs were caused by faults in the driver taking down the kernel with it.
This means you aren't preventing drivers from having full access. You just need to prevent more unintended side-effects.
And you can do things like give people specific permission to access the kernel when doing the driver install. ie. "This driver does not adhere to Vista driver standards. Do you wish to install as an XP driver?"
Suddenly, people can run that business critical, single, old driver as unsafe while running the other drivers safely.
Alas, some manager at Microsoft decided it was more important to get his numbers up this quarter so he could get his bonus. In so doing, Microsoft orphaned a bunch of people on XP just like they orphaned a bunch of people on VB6.
Microsoft made its own bed; now it has to lie in it.
This means you aren't preventing drivers from having full access. You just need to prevent more unintended side-effects.