All apps, even native ones, should be forbidden to have unrestricted file access.
Just because something runs under my ID doesn't mean I want it to read everything I have in $HOME without me knowing about it, and possibly share it with the world.
On my systems, every sandbox option I can enable is turned on.
My point was the browser has no file access. Most Electron apps work with the filesystem in some way, and in the browser it's not possible to, for instance, give a web app access to a folder on the desktop.