That would seem to be quite a restriction on how users can deploy their applications, a single server can still have multiple applications deployed each with their own domain requirements.
Also what do you mean when you say "All applications would install their own security domain along with the files required for them." - are you saying the domain would no longer be defined within a subsystem?