The NGWS runtime relies on the fact that code is verifiably type-safe to provide fault isolation between domains. By relying on the type-safe nature of the code, application domains provide fault isolation at a much lower cost than the process isolation used in Win32. Because isolation is based on static type verification, there is no need for hardware ring transitions or process switches.
Preventing direct access between domains is also required for security reasons. If a caller in one domain could compromise code in another domain, that access could be used maliciously to breach security.
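
The isolation described above can be observed with the `System.AppDomain` API of the .NET Framework, the shipped form of the NGWS runtime. This is an added example, not code from the original page; the class name, the domain name "sandbox" and the helper methods are hypothetical, and it assumes the .NET Framework, since later .NET versions do not support creating additional application domains.

```csharp
using System;

// Added illustration; DomainIsolationDemo and the "sandbox" domain are hypothetical names.
static class DomainIsolationDemo
{
    // Static fields are stored per application domain, not per process,
    // so code in one domain cannot reach another domain's copy directly.
    static int counter;

    static void Report()
    {
        Console.WriteLine("{0}: counter = {1}",
            AppDomain.CurrentDomain.FriendlyName, counter);
    }

    static void FaultingWork()
    {
        counter = 99; // modifies only the copy owned by the domain this runs in
        throw new InvalidOperationException("fault inside the sandbox domain");
    }

    static void Main()
    {
        counter = 42; // state of the default domain

        // A second domain in the same process: no process switch is involved.
        AppDomain sandbox = AppDomain.CreateDomain("sandbox");
        try
        {
            // DoCallBack runs the delegate inside the target domain.
            sandbox.DoCallBack(Report);

            try
            {
                sandbox.DoCallBack(FaultingWork);
            }
            catch (InvalidOperationException e)
            {
                // The exception is marshaled back across the domain boundary.
                Console.WriteLine("caught in default domain: " + e.Message);
            }

            sandbox.DoCallBack(Report); // the sandbox's own copy of counter
        }
        finally
        {
            AppDomain.Unload(sandbox); // discard the domain and all of its state
        }

        Report(); // the default domain's copy, untouched by the sandbox
    }
}
```

Comparing the three reports shows that each domain keeps its own value of `counter`, and that the fault raised in the sandbox reaches the caller only as a marshaled exception.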