Local root vulnerability in snap-confine

Side question: would it have done anything if it was originally required that the user have permissions for the destination if they wished to create a simlink? Is this feasible? (invalid symlinks might be a tricky edgecase, especially if they're not invalidated when their target is removed)