The file picker API is there to allow apps to access and save files with the user's consent, while bot having any filesystem access. So a properly sandboxed app would be able to open, edit, and save files wherever the user wants, while not having access to any other irrelevant files, such as your .bashrc or memes folder.
Well, no matter how I trust my photo editing app, it has no business accessing my thesis documents. Proper filesystem sandboxing does security properly.