While thinking about this bug, one should also note Bug 258890.

As we know portable apps and scripts are a threat to security.

I suggest Dolphon should have an optional feature by which it'll run every executable program (NOT file) which user runs from his ~ under some kind of sandbox, and notifies user when it tries to read/write files in ~ (notification will be depending on configuration). If it creates a new file/folder in ~ which's hidden, it's something expected and should be allowed.

Dolphin will also have option 'run without sandbox' in the context menu of the executable.

If Dolphin allowed executing applications through custum commands, this feature can be implemented via a thrid party graphical sandbox frontend/application.

For e.g. if $1 is the executable path, then I can configure dolphin to run it as follows - 

sandbox_program_gui --executable $1

That way sandbox_program_gui will have to handle the sandboxing. Actually I suggest this to be the recommended way.