[Jenda_]

Of course - the point is not to get the home folder owned.

There is no reason why Evince/Okular or mpv (to name a few apps which handle files with complex formats from untrusted sources) should have the right to access anything beside their ~/.config/<application_name> and the file they are currently viewing/playing, or maybe read-only ~/Music. If you want to do a "Save as", you will do this through a OS-controlled file dialog, or save it to /tmp and copy it.

This can be achieved with AppArmor, with a caveat that in X, applications can steal each other's windows, but unfortunately this is not the default and easy configuration on most distros.