These fail together, I'd call them equally safe. Using an unusual (and
   small) stack is safer as exploits would be more expensive to obtain.
   Probably better to airgap by having a secure microkernel (L4, how are
   you?) do the USB and another protocol (Ethernet for all I care) carry
   sanitized payload to the actual machine. Think of it as wearing a
   condom. Whatever the transferred payload is, making sure it's sanitized
   is vital and non-trivial. Probably would require interpreting and
   serializing it again, to unify the formatting.