The only alternative that I came up with (conceptually) that would allow existing functionality and these new security settings, was the possibility of using a reactor to Attach / Detach the working folder (or a sub-folder relative to same), where the reactor would programmatically update when switching Documents in MDI.
Just haven't had time to put code to IDE; we'll see what happens, as I am curious to see the difference in limitations (if any) between the APIs as well.
On some level, I still find the topic absurd (trying to make this work for us), given that anything placed by the end-user (or anyone else, malicious code, etc.) in one of the three Autoloader folders is implicitly trusted... Yay end-user's with interwebs connections.