No, you don't understand it.
Sandboxed Mac apps define their own sandbox. Instead of every single app having access to the entire local storage by default, apps ask for what they need access to, and get it. If an app wants access to the user's home folder, they can get it. If they only need Desktop and Documents, they get that.
The exception is that sandboxed apps cannot access the System files or Unix layer. The thing is, if you are a user who wants their app to access System files or the Unix layer, you are an advanced user and have the skills to download that app from the developer's website and audit it yourself, same as always.
> crippled "Mac App Store edition"
That is a synonym for “higher-security edition.” Or “higher-reliability edition.”
For example, look at BBEdit. The version you download from the BBEdit website can access the Unix layer to configure Apache, it can install command line tools you can use in bash. If you want to do those things, you are an advanced user who can also audit Bare Bones, download a disk image, and perform a traditional app install, and save a serial number, same as for the past 11 years, and similar to the 15 years before that. However, if you are not interested in using BBEdit to access the Unix layer — possibly because you are running a remote Web server and remote terminal — then you now have the additional option of a self-installing, self-updated, higher-security version of BBEdit that still does everything you want to do.
The thing is, this tracks with what users are doing. I stopped running a local server a few years ago because a remote staging server is accessible from Mac, iPad, and iPhone, and my remote staging server runs the same Linux as my main server. On the current Mac I'm using, I left the Unix layer totally alone and let Apple manage it. If it is misconfigured, my Mac may not work. If a remote server is misconfigured, it can be wiped and redone, or switched to another server. So I am happy to use the Mac App Store BBEdit now because it requires no maintenance, and when I get my next Mac, I only have to open Mac App Store and go to the Purchased tab and tap “install” next to BBEdit and it is done.
Nothing has been lost. You are still able to install apps the same way as ever. Mac App Store simply provides another option for those that want it.
In many cases, this has been really great. For example, the app Hype used to use the local Web server and Safari for previews, but the sandboxed version has its own Web server built in, and you preview within the app. It works better.
In all this criticism of iOS, we should also remember that iOS almost never crashes. It is even more reliable than Mac OS X. In 3 years, my iPad had only 1 system crash, and it came back up in under a minute with no data loss because everything is saved automatically; the system is ready to crash at any time, even though it hardly ever does. Adding sandboxing and Autosave and Versions to Mac OS X is adding reliability and security. Mac App Store adds security.
I'm down to maybe 4 apps that aren't from Mac App Store, and on my next Mac, I will likely jettison those apps. I'm already phasing out 3 of them anyway, because I have better, more-modern replacements. None of my apps need access to anything they can't get with sandboxing.