The control systems for a nuclear reactor or a flight data processing system don't ever need to run CreateDancingBunniesDrawingsIn0Days.exe, or any arbitrary code for that matter.
Neither, for that matter, do 99% of modern office workers - They don't need anything beyond what amounts to a dumb terminal with a dedicated connection to their ERP system. In security-insensitive environments, we've gotten used to having a web browser and music player and Solitaire and maybe even the ability to customize our desktop and cursors and so on; but AP voucher entry doesn't require any of that.
This 100k module clearly just does old-fashioned whitelisting, albeit at several levels beyond mere code execution (I/O, memory access, etc). The only really interesting angle of it, IMO, comes from the claim that it doesn't require binary signatures, so how does it know what to allow? As my best guess, they could evaluate the use cases for each client and just compile the list right into the binary, but I doubt we have any way to confirm or deny that.