BPF programs can hook more or less directly into the kernel and can safely share memory with userspace. This is important because, after all the fallout from Spectre and Meltdown, they found that BPF virtual machine programs were immune to this class of vulnerabilities.