Why would a VM for the project be annoying? What whole disk? They could look at the OS files installed I guess but there would be nothing belonging to any other project or user on there. If they change something they shouldn't you can roll it back. If you want to write data but not let them read it then write it to an external log server or a write-only disk. Complex security schemes are a lot more annoying than just properly dividing security between services.
I already spend more effort than I like ripping out useless security features. Every project has a virtual machine, or several, and they are isolated from each other. I don't need outdated security features that just get in the way. As it is I'd be more interested in a Linux distro that came with all that crap removed. It's been years since I used groups on a production server, I never found ACLs useful, I usually disable firewalls, filesystem permissions are a hassle far more often than they are useful, etc. Heck, the only time a real person logs into most of my systems is when something goes wrong with permissions or some other protection feature and causes a problem.
Make sure the virtualization servers are up to providing proper security between instances and from the network and then scrap all that stuff in the guest OS.
I used to use fanciful names but anymore I have way too many servers to do that with. So now we get VMHOSTn (VMHOST3, VMHOST55, etc.), WEBn, ISCSIn, etc. And usually n represents the last octet of the primary IP address. 10.1.1.1 might be ISCSI1 while 10.4.5.6 might be WEB6.
It's not so much how you put the code together as understanding the way the different components work together. Scratch doesn't hide the details very much - it just provides a graphical representation. Any experienced programmer knows that it doesn't really matter if you use Python, Perl, Java, or C so much as knowing how algorithms work. All that other crud is dealing with your language's syntax and limitations and how the code will be executed.
I've previously made a tool similar to Scratch for writing shell scripts and it was a pretty interesting experiment although I eventually decided the mouse was a slow way to program. I've also done some domain-specific languages for games and tools that used a lot of visual components and it can work very well for those.
Recently I've been experimenting with making a tool for programming in a multitouch environment which I think works much better. Right now I'm working on producing JavaScript but that's only because it's easy to use on both iOS and Android. All the normal language features such as defining functions and variables, control statements, etc. are simple gestures and instead of naming things with a string the programmer can make a doodle (or type in a string). Existing code is visually expressed and can be edited by touching the area that needs editing. I think the concept is strong although obviously certain details will need tweaking.
Whereas the name iCloud was meant to sound like an Apple product? Anything named in that way is being named to make people connect it with Apple.
I think Apple should be more careful but this is obviously a case where both sides contributed to the problem.
Scientists will study your brain to learn more about your distant cousin, Man.