All builds are isolated from each other by means of KVM virtualization. Intermediate build output is never written to disk, only to memory. The nix build output paths are stored in an encrypted file system.

There is an advanced sandbox in place that makes sure that each virtualized build only has access its build inputs. There is no network available inside the sandbox.

Nix public-key signatures are used to make sure that only trusted inputs are used for your builds. Two users might upload the same store path as a build dependency. If those store paths haven't been signed by a key trusted by both users, they will be treated as completely separate paths. By default, only the key is trusted.

If any uploaded (or built) store path has identical (byte-for-byte) content as another store path (possibly created by another account) that content will only be stored once (that is, the actual data is deduplicated).

As currently is in beta, you should account for any bugs that might exist and don't run builds that require a very high degree of secrecy.