Not buying these exaggerations. Most security vulnerabilities are in the applications themselves, e.g. buffer overflows, or on the client side. Let's see some evidence where weakness in concern-separation from VMware instances or sudo glitches is a major contributor to malware mishaps these days. I suppose the main vulnerability is a bit less control against insider malfeasance, and those are mostly due to configuration errors or corrupt admins.
There are architectural reasons to separate, and economic & practical reasons to consolidate - or not. I'd say you're off the curve of reasonable expectations if you're asking for mainframe-style "trusted" isolation on a setup of only a few (or just one) PC-grade servers in which you have all applications and services running together along with a variety of login access from different categories of users who may be potential attackers. Not that there's anything wrong with the BSDs, etc., but in the scenarios you imply, you might be placing your support resources in areas of lower risk priority. Or maybe you yourself are the single supporter?
I say "PC-grade" because your scenario sounds economically uninteresting -- important enough to protect as you want (with excessive apps & users), but not important enough that there's budget to do hardware separation. Just because you're broke doesn't mean that Unix is broken. I agree that BSD Capsicums (etc.) may be a good fit for these outlier use-cases, or special situations, but mostly if your establishment is willing to make a heavy technology investment in going that route.