I found answers to some of my questions on my own:
- The AppContainers thing sounds like it directly refers to the Panes in Explorer referenced, and it sounds like it is Explorer creating the sandboxes, so they wouldn't bubble out of the Pane, so it probably is correct that versions of Windows 10 doing that don't have a lot to worry about from that as an exploit vector. That probably doesn't apply to other possible vectors such as evil PDFs/Word documents, though those generally have warnings for PostScript fonts at this point. (I glossed over the Panes as the concern for the idea it might be running in the Explorer process. They're an "extension point", so Explorer moving them into sandboxes sounds like exactly what it should have done, and it's not surprising that is what it is doing.)
- DirectWrite is considered to have parts forked from, but entirely independent of, ATMFD. Some CVEs have been caught that also (lightly) impacted DirectWrite, but this doesn't sound like one.
It's a sandboxing method, and atmfd was moved into a sandbox to reduce the risk of people exploiting bugs in it. At this point it is clear that sandboxing it was worth the effort.
Fair, that link points out the kernel hosts some sandboxes directly. I had assumed they mostly had to be opt-in at the application level (opt-out in the case of the UWP platform), given the name. Those Panes are open third-party extension points, and it does seem like sandboxes should apply to anything running in them as well, so it seems a fair assumption that that is where they were applied.
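Rather than assume which Explorer-hosted processes carry an AppContainer token, it is straightforward to check. The following is an added example for this thread, not code from any of the posters or from Microsoft: it queries each process's primary token for the TokenIsAppContainer information class via P/Invoke. The process names it looks at ("prevhost", the usual preview-handler surrogate, and "explorer" itself) are assumptions about which processes host the Panes; substitute whatever is running on the machine being examined.

```powershell
# Added example (not from the thread). Reports whether a process runs inside an
# AppContainer by asking its primary token for TokenIsAppContainer.
# The process names queried at the bottom are assumptions, not facts from the thread.
Add-Type -Namespace Win32 -Name Token -MemberDefinition @"
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr TokenHandle, int TokenInformationClass, out uint TokenInformation, uint TokenInformationLength, out uint ReturnLength);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
"@

function Test-AppContainerProcess {
    param([Parameter(Mandatory)][System.Diagnostics.Process]$Process)

    $TOKEN_QUERY          = 0x0008   # access right needed for GetTokenInformation
    $TokenIsAppContainer  = 29       # TOKEN_INFORMATION_CLASS::TokenIsAppContainer

    $hToken = [IntPtr]::Zero
    # $Process.Handle opens the process for query; it throws if we lack access
    # (e.g. another user's process without admin rights), which is the right failure mode.
    if (-not [Win32.Token]::OpenProcessToken($Process.Handle, $TOKEN_QUERY, [ref]$hToken)) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "OpenProcessToken failed for PID $($Process.Id): $([ComponentModel.Win32Exception]::new($err).Message)"
    }
    try {
        $value = [uint32]0
        $len   = [uint32]0
        # TokenIsAppContainer returns a DWORD: non-zero when the token belongs to an AppContainer.
        if (-not [Win32.Token]::GetTokenInformation($hToken, $TokenIsAppContainer, [ref]$value, 4, [ref]$len)) {
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            throw "GetTokenInformation failed for PID $($Process.Id): $([ComponentModel.Win32Exception]::new($err).Message)"
        }
        return ($value -ne 0)
    }
    finally {
        [void][Win32.Token]::CloseHandle($hToken)
    }
}

# Assumed process names: the preview-handler surrogate and Explorer itself.
# Open a folder with the Preview Pane enabled and select a document first so a surrogate exists.
foreach ($name in 'prevhost', 'explorer') {
    Get-Process -Name $name -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Name         = $_.ProcessName
            PID          = $_.Id
            AppContainer = Test-AppContainerProcess -Process $_
        }
    }
}
```

A True in the AppContainer column means the token carries an AppContainer SID, so a font parser exploited inside that process is confined by the container's capability set rather than running as the interactive user; a False for the surrogate on a given build is exactly the case the thread is worried about and worth confirming before relying on the sandbox.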