[DrJJWMac]

Having read a bit further, I think the questions I have can be framed specifically as ...

1) Are you bemoaning that OmniFocus will loose open permission to push information out and demand it to be stored in to a DevonThink database via an Applescript conduit?

As a user who demands integrity in application security, I would certainly want to put an end to this type of behavior for any app as a bad practice all around. OTOH ...

2) Are you bemoaning that OmniFocus will no longer be able to serve up information internal to its own database after a request from DevonThink that has been offered via Applescript as a conduit?

I would certainly hope this can still be possible because (if I understand correctly) the sandbox control would actually be on how the request is initiated, not on the request itself. IOW, when YOU have DevonThink as the frontmost app, you should have sandbox permission to initiate such an Applescript request directly from DevonThink to "pull" information from OmniFocus, however when DevonThink is a background app, "Applescript" as the "user" should be denied permission categorically to initiate that same request.

Basically, my thought is, while you should still be able to use DevonThink to pull information from OmniFocus, you should never be able to use OmniFocus to push information in to DevonThink. In addition, no one but the "real you" should ever be able to command DevonThink to pull information in to itself from somewhere else.

I hope this is clear in my as-yet-still-muddled understanding of the implications of a sandbox.

I might comment more, but could you elaborate further in case I am misunderstanding?

--
JJW