A controller in a device manufactured by a large and dysfunctional corporation, where the different bits of the software are written by different teams who don't trust each other, and aren't trusted by the team which integrates the product?
The use case for essentially 3rd-party modules that I've come across are basically all of the same form which is generic 1st party (trusted) code running 3rd party blobs for specific customers, examples being smart meters, Bluetooth devices, vending machines, etc.
The thing is... in most of these cases, the best approach is to sandbox purely the 3rd-party code, not your code (which hampers and slows development). Although its nice in theory to also have your own subsystems protected from each other, in practice, the resource constraints prevent that being done well. Putting tight controls just around the blobs on the other hand is a much easier thing to do.
At the risk of being a little draconic, any device that receives data from sources outside a whitelist of validated origins falls under this example. In particular, anything that can plug into arbitrary computers (and is therefore exposed to an arbitrary USB stack on the master side), or that receives network packets (especially from networks with relatively weak authentication/security and are therefore easy to join by malicious actors) falls under this description.
Off the top of my head: fitness bracelets and the like (which can contain health or even location data, or at least data that can be partially leveraged to determine location), hardware authentication keys, wireless medical implants/devices (even if there's no opportunity for data retrieval, stack smashing is a cheap way to deny service, and I have had tons of fun debugging stack smashes...)
Can someone suggest a realistic use case?