SPW currently runs under Debian GNU/Linux. Linux provides a number of options for security.
:SPW is run as the user "spw", which does not own any files on the system aside from the files under /spw.
:SPW is run inside a chroot jail. Chroot means that the process cannot access the whole filesystem, but only the directories under a certain given "chroot" directory. This is taken so strictly that any needed system libraries must be replicated under the chroot dir. From the process's point of view, "/" is equivalent to the chroot directory.
So, in theory, even if I let anyone on the web execute arbitrary code without the restrictions of PeerReview or PerlSafe, all they would be able to do is modify files under the /spw subdirectory; they would not even be able to access anything outside the chroot jail.
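The two measures above combined in C, as an added example that is not SPW's own code: the process enters the chroot directory and then permanently switches to the unprivileged user. The function name `enter_jail`, its error codes, and the uid/gid 1001 standing in for the "spw" account are assumptions.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Distinct error codes so the caller can log which step failed. */
enum { JAIL_OK = 0, JAIL_EBADID = -1, JAIL_ECHDIR = -2, JAIL_ECHROOT = -3,
       JAIL_EDROP = -4, JAIL_EREGAIN = -5 };

/* Confine the calling process to `dir` and switch to an unprivileged
 * uid/gid. Must be called as root; on any failure the caller should exit. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* chroot does not confine a process that keeps root privileges,
     * so refuse to "drop" to uid 0 or gid 0. */
    if (uid == 0 || gid == 0)
        return JAIL_EBADID;

    /* Move into the directory first, so no working directory is left
     * pointing outside the new root. */
    if (chdir(dir) != 0)
        return JAIL_ECHDIR;
    if (chroot(".") != 0 || chdir("/") != 0)
        return JAIL_ECHROOT;

    /* Drop supplementary groups, then gid, then uid. Order matters: after
     * setuid() the process no longer has the right to change its groups. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_EDROP;

    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return JAIL_EREGAIN;
    return JAIL_OK;
}

int main(void)
{
    /* /spw is the jail path named on this page; 1001 is a constructed
     * stand-in for the uid/gid of the "spw" account. */
    int rc = enter_jail("/spw", 1001, 1001);
    if (rc != JAIL_OK) {
        fprintf(stderr, "enter_jail failed at step %d\n", -rc);
        return 1;
    }
    puts("jailed: \"/\" is now /spw, running as the unprivileged user");
    return 0;
}
```

Any file descriptors opened before the call remain usable afterwards, so directories outside the jail should be closed before entering it.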