Sorry about the late answer...
Rhino does have the concept of a "Class shutter" -- you can look it up in the source or the Context class. It lets you restrict which Java classes an app can access. That can help a lot with basic problems like limiting the ability of Rhino code to access arbitrary Java objects.
That said, most Java security experts (and I'm not going to pretend to be one) recommend using the Java security manager as well to ensure that any customer-written code is run in a less-privileged manner, and I've had them tell me over the years that they trust that method a lot more than the class shutter.
Finally, many have also recommended consistently over the years that untrusted code is the least unsafe when run in a separate container or virtual machine, as even the Java security manager doesn't protect you from runaway code, memory leaks, and as-yet-unknown bugs in the whole stack.
So it's really a matter of how much risk you are able to take.
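Added example, not part of the original reply and not Rhino project code: a minimal allowlist `ClassShutter` installed on a Rhino `Context` before evaluating a script. The class name `ShutterDemo`, the allowlist contents and the two sample scripts are assumptions made for illustration. As the reply notes, this only limits which Java classes are visible; it does not bound CPU or memory use.

```java
import java.util.Set;
import org.mozilla.javascript.ClassShutter;
import org.mozilla.javascript.Context;
import org.mozilla.javascript.RhinoException;
import org.mozilla.javascript.Scriptable;

public class ShutterDemo {
    // Constructed allowlist: only these Java classes are visible to scripts.
    private static final Set<String> ALLOWED = Set.of(
            "java.lang.String", "java.lang.StringBuilder", "java.lang.Math");

    // Deny by default: anything not explicitly listed is hidden.
    private static final ClassShutter ALLOWLIST = name -> ALLOWED.contains(name);

    static String run(String source) {
        Context cx = Context.enter();
        try {
            // Must be set before any script runs; Rhino allows it to be
            // set only once per Context.
            cx.setClassShutter(ALLOWLIST);
            Scriptable scope = cx.initStandardObjects();
            Object result = cx.evaluateString(scope, source, "untrusted.js", 1, null);
            return "ok: " + Context.toString(result);
        } catch (RhinoException e) {
            // A hidden class resolves to a package object, so calling a
            // method on it surfaces as a script error.
            return "blocked: " + e.getMessage();
        } finally {
            Context.exit();
        }
    }

    public static void main(String[] args) {
        // Allowed: StringBuilder and String are on the allowlist.
        System.out.println(run(
                "new java.lang.StringBuilder('a').append('b').toString()"));
        // Denied: java.lang.Runtime is not on the allowlist.
        System.out.println(run(
                "java.lang.Runtime.getRuntime().availableProcessors()"));
    }
}
```

The shutter is also consulted for objects returned to the script, so every class a permitted method can return needs to be considered when building the allowlist.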