Again, you simply shouldn’t rely on root isolation as a serious security boundary, when you have a hardware virtualization at your service. This is the main reason for the current default, because inexperienced users will not understand this important difference. You can add it, but it will never be as reliable, it’s just a weak defense in depth.
Also the root partition doesn’t even belong to the App qube, it’s taken from the Template. Wipe it, reboot, it will reappear untouched.