Yes, people should read the white paper. The hypervisor is such that the Zipper system is able to take over control of the framebuffer to display it's content and interact with the user, without a rogue app on Sailfish or Android being able to bypass it's security.