Currently, nashorn test framework runs test262 test without the security manager enabled during build/test. There is no reason why we should not enable security manager for test262 as well. Scripts in test262 do not exercise anything in Java (pure JS tests) and so should be able to run under sandbox security. We'd like to validate that we can indeed run pure JS tests under sandbox.