>>19621The closest analogue to activities i know of are cwm groups. In cwm they replace virtual desktops though:
By default windows spawn in the group 1. Windows may be moved to other groups based on the numbers 0-9. Any group besides group 0 can be toggled and there are settings to automatically assign new windows to the last toggled group or a specific group based on their name. Most cwm keybindings are keyboard-focused, so you might need to adjust key/mouse-bindings. It accomodates other desktop ui programs well with group 0 and an option to restrict the area where windows spawn. It requires you to edit a text configuration file, that is fairly self-explanatory.
https://man.openbsd.org/cwmtl;dr If you have 9 or less KDE activities without virtual desktops or KDE widgets, cwm might be for you.
You might also want a standalone session manager. It sounds like it does exactly what activities do, but i'm unsure having never used one.
>>19622The KDE wiki has no indication that activities do sandboxing. An open forum thread from 2019 has a brief discussion on integrating applications sandboxing into Plasma and an r/kde comment section from 2021 recommends bubblewrap or firejail.
I made separate user accounts for my browsers and share files in /tmp.