I think we need to be separating the concept of sandboxing from Apple implementation of "Entitlements". From a technical and user perspective, sandboxing is a good thing, it keeps the app from doing what it's not supposed to be doing. However, Apple entitlements are a laughable hand-me-down subset of sandboxing. If Apple expanded their list of entitlements and simply required justification for use of those expanded entitlements during the review phase, they could still keep things safe for end users.