Yes. I guess that's what the grandparent means. I don't find it abnormal, it's a very good practice - create user accounts for public-facing processes and give them as minimal rights as possible. Still, the possibility to somehow break out and gain root exists.
It is unusual in that usually applications meant to be consumed locally by the owner of the device are not considered "public-facing". It is something usually done with servers or daemons, not web browsers and text editors.
