Most people don’t build untrusted derivations in the first place, so the impact on users who don’t run publicly-exposed CI/build infrastructure is probably minimal.
(Well, okay: most people don’t ensure that derivations are trustworthy before building them. But they also tend to use the outputs of those derivations in ways that would allow them to be exploited regardless of the Nix sandbox – the Nix sandbox only protects you if you never run code from derivation outputs outside of a sandbox anyway. Maybe just avoid running nixpkgs-review on PRs?)