I agree with Devlin with this one. Having chrome.foo() and chrome.foo.bar() is pretty confusing. I also trust that team to have made the decision for good reasons.
Naming is hard. Finding a name that makes everybody happy is impossible. I try to avoid getting hung up on naming. Using chrome.restricted.bluetooth instead of chrome.bluetooth.restricted does not seem like the issue here. Whether to use 'private' or 'restricted' or 'kiosk', and whether or not to support multiple similar APIs (e.g. networkingPrivate + restricted.networkConfig) seems more relevant.
I see several options here:
A) Allow kisok apps to use chrome.networkingPrivate as-is (when in kiosk mode and with appropriate messaging when an app is user installed).
B) A + restrict which methods / events are supported in kiosk mode.
C) A + rename chrome.networkingPrivate (to chrome.restricted.networkConfig or whatever).
D) B + C
E) Create chrome.restricted.netwrokConfig (or whatever) and implement a subset of netwrokingPrivate. Leave networkingPrivate as-is.
My opinion on the above options:
A) This seems fine to me and is the easiest solution. I do not think that developers of kiosk apps using this complex and subtle API are going to be put off by the name "private", if anything it will serve as a red flag to caution developers to tread carefully.
B) I am not a fan, I don't think that the restrictions would add much benefit since we plan to expose the configuration API which has the largest security concerns.
C,D) Not a fan for reasons I have already discussed.