Looking at cvs logs, it appears to me that systrace has not had any significant development work since 2006. The "sandbox" vulnerabilities were outlined in 2007. Comments in the cvs logs do not appear to address them.
Systrace is still of significant value. For example, anyone who does port development should USE_SYSTRACE to ensure that configure, build, and fake targets write only into pre-defined directory structures and make no network calls.