If the interface between any security domains is well enough constrained then it's secure. The central problem is that if you can gain even a few bits of flexibility over unintended control flow then it's highly likely you can leverage it to usurp the Turing machine in a universal way, and run whatever you like. All the ASLR/stack canary/etc technology complicates the task greatly but raises the theoretical bar hardly at all.
Almost all Turing machines are universal, yet when we create a secure system we're trying to find a (usually very) complex machine which is *not* universal. It's an almost unimaginably impossible task.