alt Hacker NewsA few people have suggested adding a blacklist for dangerous directories or validating directories are empty first.
Why not just make the API create a new directory rather than selecting one? There's still a risk people create a directory in a shared location - but at least they're only risking the new directory then, right?
I think the intended use case is for things like "give my music player access to my music library" or "open a project directory in this IDE", which wouldn't work well if every app were confined to its own directory.