"Though impossible by design..."
"Though impossible by design, the hypervisor can still have implementation vulnerabilities."
How true of so much software. Remember, NT4 is can be configured to pass C2 security compliance. While the "design" may be "perfect," theory usually is. The reality is that it's left to developers to implement these theories. Any software is only as secure is its least skilled developer.