Not your interpretation, your implementation just happens to be one shunned by the industry for the past 20 years if not longer.
Most (perhaps all) Linux desktop environments allow any user to be designated as an auto-logon user. This can be a non-prived user and, for those (no longer Ubuntu) which supports the concept of a Guest account, the Guest user.
Every major desktop environment allows any user to autostart one or more applications when they log in. Think of Guake if it helps to visualize user level programs which start when the user logs in. Some people even do this with Libre Office modules or Sublime because they spend 90% of their day in them.
Because of these realities, every kiosk type application I’ve ever heard of or worked on (except yours) for the past 20+ years installs a user looking up at Guest for priv and ability. They then install the application as an auto-run under that user and set the user to be the autologon user.
If your kiosk type application gags due to a bug or, more likely, problem with custom video/image/sound/etc. content the user will most likely be dropped to the desktop. In the traditional kiosk world this is a user which can do nothing. Ideally you’ve created that user with a home directory on a RAM drive which gets created and populated at boot so they can do less than nothing. When the Microsoft solution to everything (reboot) is applied, the user has a bouncing new virtual drive with a brand spanking new copy of their world.
The design you propose/champion/have done/whatever, has them dropped to the desktop as a root user.
Not cool.
It doesn’t even have to be a coding bug. Remember, these particular applications are running on full desktop/notebook/2-in-1 computers. What if you just happen to miss disabling one of the or key combinations which will open a terminal? For a user with no more privs than Guest, who cares? It looks bad, but, as they say in hockey “No blood, no foul!”
There is no software developed by an AGILE like process, betting on automated testing, which can or will ever be secure. In general automated tests tend to test less than nothing. Mostly exist to check the box. Snap is also an infant, not yet out of diapers. It’s got an ocean of high priority bugs.