"Not trusting modern software to be correct nor secure" is sufficient.
I do almost all my web browsing in disposable VMs with no access to interesting things like my password manager, email, SSH keys, etc. I also run JITless (disable JavaScript JIT engine), because those are a common attack point on browsers.
If you compromise my browser from a random site, you get nothing of interest. Even if you pop the kernel. You still have to get through Xen to get to anything I consider of value.
It's not unthinkable, as Xen is huge, at hundreds of kLoCs. But there's an effort[0] to make a Qubes that uses seL4 in place of Xen.
But it's bad enough if any do. (Some do affect Qubes.)
It is an architectural problem.
seL4 is a good replacement, with excellent performance and strong formal proofs.