No, they're not. If you are building a platform for developers to build apps on and you design your API in a way that's easy to introduce security vulnerabilities that's not a backlog, that's a badly designed platform that will be riddled with insecure apps creating a crappy, untrustworthy, ecosystem. And since those bugs are in third party apps you have no control over whether app developers are aware of them or if they'll ever get to them in their backlog.

Again, this is literally the same thing as the JavaScript equality comparator.

It's not a bad idea for a user facing UX in some cases, but it's not good for all cases and thus shouldn't be implemented at the low file system level.