GNULinux, that extra link had some interesting info. The way I read things, the concept is a "LiveCD for applications". An ISO image that contains the application plus everything needed to run it, with a bit of extra to automatically "mount the ISO and run the contents". As a concept, interesting. It helps get around the upgrade hell where one application requires a new library, which causes other applications to break, etc. Kind of the way Windows has multiple DLLs for the same thing, versioned.
If they wind up running "jailed" or sandboxed, with limited permissions, any malware damage can be limited or mitigated. But now we're adding another layer that may have vulnerabilities not yet discovered that could lead to bad things. Think of how many websites are compromised because of a flaw in a tool they use. HTTP server may be locked down solid, but a call out to PHP or some script gets around that.
Standalone does not make secure, unless by "standalone" you mean "no external connections". The glibc vulnerabilities that pop up; if an application is statically linked to glibc, it can run "standalone", but because of a flaw in glibc, it opens a vector for attack. Web browsers do the same thing.
Conceptually you want to do what Java and a lot of smartphones do (iOS and Android). Apps run in a sandbox: a very limited environment, with very strict rules as to how system resources are accessed. You want to open a file? System call to do that, all kinds of checks and balances happen before the file is actually accessed. Graphics, audio, video same thing. Yes, you can still cause problems if there are flaws, but by keeping the sandbox small, well written and audited, you have a higher chance of success.
A lot of the Windows malware takes advantage of poor coding, poor integration and "too big to fail" concepts. Think back to some of the MS lawsuits where they claimed IE was part of the operating system. In no sane world is a browser application part of an operating system.