That's plain wrong. I guess Wine needs a patch to make it stop working as uid 0 ...
Some interesting "security features" could be:
[. . .]
Which all leads to nothing, as any Windows application can test for and then invoke Linux (or FreeBSD, or whatever) syscalls directly without Wine ever knowing.
I.e. if you have a rogue Windows application, Wine won't help you. It's just as if you had a rogue native application. Any notion that it's otherwise has no basis in fact. Running something under Wine is the same as running a native application, from the security viewpoint.
If you ordinarily sandbox untrusted 3rd party native applications, I'm sure you'd do the same for Wine. If, OTOH, you run random 3rd party native code as root, then running Wine as same won't matter much.
Cheers, Kuba