You need the r permission to read a directory, in the sense of getting a list of filenames. But the x permission lets you access files and subdirectories if you already know the filename. Of course, you need r permission in the file to read it, but you can always stat() it.
Indeed, I actually meant "read (or check) a specified path/directory status entry" rather than "read a directory" but probably hit submit too quickly.
What this "privacy protections bypass" is doing looks like the former rather than the latter, and it seems like normal behavior if you have x/stat permission.
It could be that Apple's sandbox blocks r/readdir permission but not x/stat permission for some reason.
Is the sandbox supposed to block stat() if you don't grant an explicit permission like 'full disk access' but it isn't doing that properly?