all unikernel implementations I'm familiar with are single process by nature and thus the protection that you need on a multiple process system such as linux is completely un-necessary, especially since they are always deployed as vms
Well, strictly speaking it's safer to have a system where the application can't write into kernel memory space and the kernel can't (accidentally) write into application space.
You don't have the risk of leaking secrets or malicious interference between applications that are supposed to be isolated if you've only got one app, but I could still see where someone might rather have memory protection than not in a single-user/single-application environment.
