Security protocols for low latency execution of program code

What is claimed is: 1. A system for providing low-latency computational capacity from a virtual compute fleet, the system comprising: an electronic data store configured to store at least a program code of a user; and a virtual compute system comprising a plurality of virtual machine instances usable to execute one or more program codes thereon on a per-request basis, the virtual compute system comprising one or more hardware computing devices configured to execute specific computer-executable instructions, the virtual compute system in communication with the electronic data store and configured to at least: maintain a first subset of the plurality of virtual machine instances in a warming pool comprising virtual machine instances to be assigned to a user and having one or more software components loaded thereon and a second subset of the plurality of virtual machine instances in an active pool comprising virtual machine instances assigned to one or more users; receive a request to execute a program code associated with a user on the virtual compute system, the request including information usable to identify the program code and the user associated with the program code, wherein the program code is associated with configuration data indicating at least a first portion of the program code to be executed with a trusted credential and a second portion of the program code to be executed without the trusted credential; select from the warming pool or the active pool a virtual machine instance to be used to execute the program code; create a first container in the selected virtual machine instance to execute the first portion of the program code with the trusted credential; create a second container in the selected virtual machine instance to execute the second portion of the program code without the trusted credential such that both of the first container and the second container are created in the selected virtual machine instance, wherein the second container is configured to communicate with the first container; cause the first portion of the program code associated with the user to be loaded from the electronic data store onto the first container in the selected virtual machine instance and executed in the first container with the trusted credential; and cause the second portion of the program code associated with the user to be loaded from the electronic data store onto the second container in the selected virtual machine instance and executed in the second container without the trusted credential. 2. The system of claim 1 , wherein the virtual compute system is further configured to cause the second portion of the program code to be executed in response to a request received from the first container. 3. The system of claim 1 , wherein the second container is configured to communicate with the first container by an inter-process communication channel. 4. A computer-implemented method comprising: as implemented by one or more computing devices configured with specific executable instructions, receiving a request to execute a program code on a virtual compute system configured to execute program codes on a per-request basis, the request including information usable to identify the program code, wherein the virtual compute system comprising a plurality of virtual machine instances usable to execute one or more program codes thereon; determining, based on the received request, a first portion of the program code to be executed at a first level of trust and a second portion of the program code to be executed at a second level of trust different from the first level of trust; selecting, from the plurality of virtual machine instances maintained on the virtual compute system, a virtual machine instance to be used to execute the program code; creating a first container in the selected virtual machine instance to execute the first portion of the program code at the first level of trust; creating a second container in the selected virtual machine instance to execute the second portion of the program code in response to a request from the first container at the second level of trust such that both of the first container and the second container are created in the selected virtual machine instance; configuring the first container to communicate with the second container to execute the second portion of the program code at the second level of trust; causing the first portion of the program code to be loaded and executed in the first container in the selected virtual machine instance at the first level of trust; and causing the second portion of the program code to be loaded and executed in the second container in the selected virtual machine instance in response to the request from the first container at the second level of trust. 5. The computer-implemented method of claim 4 , wherein the first container is configured to communicate with the second container using an inter-process communication channel. 6. The computer-implemented method of claim 5 , wherein the inter-process communication channel is one of a socket pair, a pipe, a named pipe, a shared memory on the virtual machine instance, or a message queue. 7. The computer-implemented method of claim 4 , wherein the first level of trust utilizes a trusted credential provided with the request to execute the program code on the virtual compute system. 8. The computer-implemented method of claim 7 , wherein the trusted credential is a login credential of a user associated with the program code, wherein the login credential is usable to access an auxiliary service on behalf of the user. 9. Non-transitory physical computer storage storing computer executable instructions that, when executed by one or more computing devices, configure the one or more computing devices to: receive a request to execute a program code on a virtual compute system configured to execute program codes on a per-request basis, the request including information usable to identify the program code, wherein the virtual compute system comprising a plurality of virtual machine instances usable to execute one or more program codes thereon; determine, based on the received request, a first portion of the program code to be executed with a trusted credential, wherein the first portion of the program code is configured to invoke a second portion of the program code to be executed without the trusted credential; select, from the plurality of virtual machine instances maintained on the virtual compute system, a virtual machine instance to be used to execute the program code; create a first container in the selected virtual machine instance to execute the first portion of the program code with the trusted credential; create a second container in the selected virtual machine instance to execute the second portion of the program code in response to a request from the first container without the trusted credential such that both of the first container and the second container are created in the selected virtual machine instance; configure the first container to communicate with the second container to execute the second portion of the program code without the trusted credential; cause the first portion of the program code to be loaded and executed in the first container in the selected virtual machine instance with the trusted credential; and cause the second portion of the program code to be loaded and executed in the second container in the selected virtual machine instance in response to the request from the first container without the trusted credential. 10. The non-transitory physical computer storage of claim 9 , wherein the first container is configured to communicate with the second contain