The Super Secure System of Chrome OS
A side effect of relying so heavily on the web, at least from what we've seen of Chrome OS so far, is that everything is a web page. In that way, calling something like Google Maps or YouTube an "app" is something that's very different from a traditional software app, or even most mobile, applications. That will likely change in the future, however, as the Chrome OS supports binary execution in Google's Native Client (NaCl) environment.
NaCl is a runtime environment that runs inside its own sandbox, just like how Google Chrome separates different tabs. This provides stability in that one program crashing will only mess up its own sandbox without affecting the others. Sandboxing also greatly increases security, as malware that infects one area will be contained and unable to infect the rest of the system.
Google created a pretty good video explaining the security features of the Chrome OS and Cr-48:
NaCl isn't enabled (at least not yet and not without enabling the jailbroken developer mode) in the Cr-48, which somewhat restricts us from seeing the greater capabilities and potential of Chrome OS. Of course, this is just the first taste of Chrome OS within this pilot program, so there's still a chance that NaCl will come in a future update.