First off, "winetricks sandbox" almost does what you want, except that "wineboot" (or installing ie6, or anything else that reboots windows) will undo the sandboxing (there might be a wine bug there), and that malicious code can very easily escape (e.g. by running native linux code). If you want a somewhat more secure sandbox, you could try to run wine in a chroot jail. This is annoying but might be worth the trouble for a few users. If you really want this right now, see http://media.codeweavers.com/pub/crossover/case_studies/WineAndSecurity.pdf which says CrossOver already supports this.
