The right design decision isn’t necessarily the best for a specific use case. Making the system overall rigid and strict by default makes the whole thing more manageable. Adding features like “user initiated opt-in shared filesystem access for sandboxed apps” increases complexity, hence cost and maintenance burden and likelihood of bugs. Not to say this feature isn’t worth it, but it’s necessary to accept some rough edges in some use cases.