Of course they can: Via network interfaces (which can be firewalled). Via shared directories on shared filesystems. Etc. With e.g. LXC the extent of isolation can be controlled at a very detailed level. In practice, though, very little stuff needs more than a network connection to interact with each other, and very few applications actually have any business interacting with the other applications I run other than in very specific circumstances.
This is not to say that I run everything isolated from everything else. I have an "unsafe" VM for example where I compile and mess around with a lot of public code I don't want to evaluate the security of. To get further into my network from that one still takes a little bit of work. I also group together various things based on tasks.
But random code I don't have a reason to trust won't go straight into my normal user account on my laptop.
Note that a "reason to trust" can be as simple as "has been signed by the Debian packagers" for some systems. It's a trade-off.