If only one could be so certain. We have a bunch of stuff in: /home/defaultuser/.local/share/system/privileged/ which can’t be accessed ‘normally’, but also have unencrypted email passwords in an sqlite database. Sometimes, I fear, design fell by the way side. snipe, snipe.
Still, what do you mean by ‘allowable’? Or are you just referring to the default behaviour related to UserDirs? I ask because of what appears to be some amazing jailbreaking one can do with python httpserver … ServiceWorker in Webview apps - #7 by poetaster …but I’m still just testing… (which leads to spilled milk, organ transplants, tears and the gnashing of teeth.)