But if the app had the SMS group permission when you installed it, it had the ability to do that already. You haven't granted it any additional permission. If the developer only really wanted the ability to read SMS messages, it should have only asked for that in the first place.
I can definitely buy that app developers may get lazy and ask for more permissions than they need because it's more convenient. Let's say a group had 5 permissions, and an app needed 3 of those. The app developer may get lazy and just ask for the whole group instead of the 3 permissions the app really needed.
If a developer gets lazy and asks for more permission than the app needs, that developer should get raked over the coals in the app reviews, and maybe they'll fix their app.
The human component of asking for permissions (both on the developer's end and on the user's end) may be weakened, but the security model itself is no different with permission groups. As far as I can tell, they're not removing the ability to ask for individual permissions, they're just making it easier to ask for collections of permissions.