Not sure I get it
A text editor being used to edit a text file is a vulnerability? I use Sublime Text, and it will allow me to edit any file, prompting for authentication if I don't have write permissions.
What I don't like is the way Skype for Business (I have a client who can only use that for web meetings!) changed the settings in FaceTime so that any calls I tried to make (including when handing off to my iPhone) were routed to Skype - and I wasn't asked by the installer if I wanted to make Skype the default.
I agree that API changes to another apps settings and the direct manipulation of another app's files should not be allowed without use approval, so I guess that's what this is really about?