Sure, but if you set yourself up so a locked down VM has access to all three legs - that is going against the intention of Qubes. Qubes ideal is to have isolated VMs per "purpose" (defined by whatever granularity you require): one for nothing but banking, one just for email client, another for general web browsing, one for a password vault, etc. The more exposure to untrusted content (eg web browsing) the more locked down and limited data access it should have. Most Qubes/applications should not have any access to your private files so they have nothing to leak.

Then again, all theoretical on my part. I keep messing around with Qubes, but not enough to make it my daily driver.