Chad Sellers has a post comparing Mac App Store sandboxing to mistakes from Linux, with this very reasonable advice:
"I believe that Apple should have at least led the way by sandboxing all of their own apps sold through the Mac App Store (I believe they have not sandboxed a single one of their 17)."
This reminds me of Twitter. When Twitter forced third-party clients to move to OAuth, but didn't change their own app to use it, many developers said it was a double standard. Twitter's response: the official Twitter app was part of the service, not really a separate app, so it didn't need to use OAuth.
Maybe Apple could make the same case for Mac OS X's built-in apps: Address Book, iCal, and Mail don't need to be sandboxed because they are part of the operating system. But that argument doesn't work for Keynote or iMovie. Those apps should play by the same rules that all productivity and video software in the store does.
If Apple were to sandbox a few of these it would go a long way toward convincing developers to do the same. And it would also shake out bugs and missing APIs in the whole sandbox environment.