The question was posed to Tzuk at Sandboxie. His reply
was the first, and only, that I've found anywhere
-- that indicates MS's Gadgets may be used without opening a security hole in one's system.
You may want to back-up from Tzuk's post to get the context of his answer.
The only other solution is to write your own Gadgets, so you know where they go, and what they do. If your own Gadget accesses a (completely) trusted data source, and does nothing else, I can't see the (significant) risk. That's how I always approached the MS Windows Active Desktop
) and using it in this way, nothing unexpected ever entered my system.