zlacker

1. rdl (OP) 2012-09-04 01:24:58
Right, but the point of this (I think) is to be able to be a "compartment mode workstation" -- a single X server which runs X clients themselves executing in multiple Xen VMs, with guarantees about isolation and how the windows are managed.

There's a continuum of security and usability between having (a) N machines in N rooms for N tasks to having (b) 1 machine on a single desk running N tasks. You can have a KVM switch and multiple computers sharing a keyboard/mouse/monitor, which gives you a high degree of isolation (very close to (a)), or you can have compartment mode, where windows themselves have security labels, but then you need an advanced system to protect apps in one window from other windows, including window masquerading attacks. If you do it well, it's ideally close to (a) as well.

The problem with virtualization on a desktop is that certain resources (video/keyboard drivers) don't like to be virtualized, so you end up running them in the system host area. Applications also tend to want pretty low-level access to those resources. It used to be that the performance overhead of all of this was very high, but now it's not as big a deal (at least for normal 2D-type apps).

The last good Compartment Mode Workstation I remember was Trusted A/UX (built on Apple's first UNIX operating system) from the early 1990s. It wasn't particularly good.
