Thanks for the info on the enumeratorAtURL: method. I take back my suggestion regarding the bug then.
Regarding my pseudo-security remarks: yes, I agree of course that some of the measures make sense and are essential. However, I do think that some of them unnecessary.
If we take the same example with batch processing you mentioned: sandboxing applies one debilitating restriction on batch processing where your target output folder cannot be specified as the parent folder of each file (or a subfolder in the parent folder etc.) That's because the output folder for all files in the batch must be a specific folder explicitly selected by the user.
There are worse things like Apple Event sandboxing introduced on Mojave. Users are now being pestered by cryptic messages that no one reads or understands anyway - and OKs automatically regardless. And if the user hits Don't Allow by mistake, then there's no even obvious way to restore the permissions... But I'm sure you're aware of all this anyway. I might be wrong, but to me it's pseudo-security.
Many of those security features are also poorly implemented and documented - which, in my view, puts a serious burden on developers. I know that I wasted countless hours on the aforementioned Apple Event sandboxing.
Admittedly, right now I'm especially annoyed as I'm in the process of implementing notarization for my apps. Which is also poorly documented with weird issues arising on every step of the process. Tons of time is already wasted on this instead of doing something productive.
That's what mostly made me chime in on the subject.