This is the fundamental tradeoff between security and usability.
It would be more secure to basically give every application you install it's own home folder and keep it restricted to that.
OTOH an image editing program should be able to see images used by other image editors, a file transfer program should be able to use my SSH keys to log me into various servers etc.
The only way around this would be to have some complicated fine grained permissions system that requires apps to know about other apps that might want to access it's data.
Linux's Capabilities framework is one such fine grained permission system. That, AppArmor, SELinux, or a similar system could be used to sandbox apps and games.
The point isn't that SELinux will be used by your mother, but that SELinux or similar will be used by Steam and the Linux distributions to make sandboxing happen automatically behind the scenes.
Yes. Check out LXC (Linux Containers). I can clone a full Linux system, boot it and be at the prompt in well under a second. It can be a read-only root system, with vastly restricted permissions, easily shapeable/QoS-able virtual network interface, resource guarantees (disk I/O, CPU, memory, etc). Works kinda in to the OSX-style '.dmg' (distribute a "disk image") notion. I think the future of Linux consumer-oriented software distribution may be something evolving toward this area. IIRC ChromeOS under the hood uses this stuff a bit, havent taken it apart yet.
It would be more secure to basically give every application you install it's own home folder and keep it restricted to that.
OTOH an image editing program should be able to see images used by other image editors, a file transfer program should be able to use my SSH keys to log me into various servers etc.
The only way around this would be to have some complicated fine grained permissions system that requires apps to know about other apps that might want to access it's data.