The filesystem access is optional and can be removed, WSL2 is actually a fairly nice implementation of a linux sandbox that can be used like it's just running alongside windows. I think your concern is valid for WSL1, where the seperation is managed by a Microsoft provided Windows driver, but WSL2 is just a VM with dynamic memory allocation, so you can lock it down basically as well as any other Hyper-V VM, it just has a lot of integrations enabled by default.
Linux on ChromeOS is probably better because its file system is separate. Files and directories must be explicitly shared from the main OS.
I think both have the ability to open windows on the main desktop so you can run graphical IDEs and the like in the VM which is nice.