If I was a commercial supplier of CNC machine tools which go into a workshop environment and are used every day to make stuff, so they have to be reliable and safe, I wouldn't want anyone fiddling with any part of the tool, including its control system. Not only will it make it more reliable, it will save me support effort and warranty problems. If I have to use some third-party software that needs another third-party's OS to run, I'd like to lock down both of those so I know precisely what the controller software config is. This view is based on a career spent in the electronics industry associated with a number of complex software-controlled products and systems. Maybe these are the type of considerations that Tormach have in mind?
I can't speak for Tormach except to parrot what they have published on their web site ('white papers' etc) and the actual correspondence that I have from them that is addressed to me and in response to my specific queries.
Tormach published that they have 'locked down' the version of MACH3 that they supply for the reasons you stated. This can be a long debate in itself, but whether or not anyone agrees with it, this is their stated policy and the reason for that policy, so it speaks to your question as to what they may have had in mind.
However, the reason they give for using the embedded OS is so that the system timing will not be altered by unnecessary Windows services running in the background. I do not recall seeing any reference to keeping users' fingers out of the cookie jar as a validation for using the embedded OS. They cited only technical reasons and then only in a somewhat narrow scope.
My only question (although it is getting harder and harder to drill down to it) is whether these technical reasons are still valid.
I remember paying some hundreds of dollars to have 32K of RAM added (soldered to the MB) on my first computer, an Apple II. I can remember having two versions of programs written in Basic: one with comments and one with all comments, blank lines and spaces removed. The purpose was to save precious (and stupidly expensive by today's standards) memory and disc space. Years later, out of habit, some programmers were still spending time 'compacting' their code even though the compiler was already doing that for them. Some would say you can look at code and tell if it is from an old timer (like myself) or a younger programmer. The difference being the younger programmers 'grew up' with no such size restrictions . . plus they can all touch type . . . so the commenting is very verbose and clear, while that from the Jurassic period is brief almost to the point of being some kind of secret code that only the original programmer can fully understand.
After WWII there were Japanese soldiers who hid in the jungle for many years because they did not get the word that the war had ended. Obviously their behavior was based on outdated or missing information.
Given these real world (albeit extreme) examples, and the fact that Tormach's published information is 5 years old, and that 'computer years' are like 'dog years' only with a much higher ratio, I think it is reasonable to question whether there is still a valid reason to use a stripped down Embedded Windows XP as the Operating system for a piece of software that is specifically targeted at being a 'one-size-fits-all' generic CNC control. The intent here is not to pick on Tormach, but to determine if their path is one to follow or one that is overgrown from lack of maintenance, interest, or simply frozen in time by their KISS principle. Tormach is going to do what they do. I do not have anything Tormach, but I have many customers who do, so I need to do my homework on this thing and come to some conclusions.
Mach is a Windows program (PP driver excepted). It is sort of like an aircraft carrier in that it does its job surrounded by an array of support ships. In the real world, it requires an array of drivers and in many (if not most by now) cases it uses auxiliary hardware for additional ports or for motion control devices and other processes. To say that a single PC with a stripped down OS running plain vanilla MACH3 thru a single PP is typical (I think) is not accurate. While that pretty much describes a Tormach machine, if it were typical of most machines in the real world, I doubt there would be any need for this forum.
In any case, I am convinced at this point from information I was able to gather from other sources, that the justification for Embedded Windows as an OS has gone the way of terse program commenting and Patriots hiding in the jungle . . i.e. seemed like a good idea at the time, but not really needed any more.