Notes:
The security model of the kernel is simple - kernel memory is protected against modification by userspace. Any information that the kernel needs to maintain its integrity is kept inside the kernel.
Physical machines have help from the CPU in implementing kernel memory protection. UML has no such help from its "processor", the host Linux system, so implementing a separate protected kernel memory space is somewhat complicated.
However complicated it may be, it is still vital for security applications, since the ability to modify UML kernel data from a process would provide the ability to break out of UML.