You don't need bind mounts, you can just pass access rights to directories into the sandbox directly. Also sandboxed apps run inside a (filesystem) container so file writes to $HOME are transparently redirected to a shadow home.
Respectfully, it's not enough. You can't treat the inside of the sandbox as a generic macOS system. You can't really install arbitrary things or run arbitrary programs. The wheels fall off extremely quickly.
That's true which is why I abandoned that approach, but the original comparison was against Bubblewrap which has the same issues (yes with enough overlays you can make a semi-writable system into which you can install things but you can tunnel brew outside the sandbox also).