Thanks guys for the tips.
The Drive.file scope is not always practical and would lead to an awkward user experience in some cases.
As an example, you have a Google Forms add-on that needs the Drive scope to be able to access the Files uploaded via a 'File Upload' question. The add-on does not generate the Files or the File Upload folder (Google Forms automatically does that). Based on this, add-ons will now need to ask the user to select each File Upload folder that their form uses?
When a user provides authorization to a folder, does the authorization extend to the files it contains? If not, this is a problem!
Assuming it does extend to the files (although I am very uncertain), most users don't even know that the files are uploaded to their account, let alone know which folder they are being stored in. If a new File Upload question is added to their form, they need to come back and do it again.
Whilst I understand the need for greater security and data protection, in future I hope visibility on what is coming ahead can be provided to developers. We also use the Contacts scope, Spreadsheets scope, Forms scope, External scope. If we knew other scopes will be restricted in the future, we would probably get the security assessment done and out of the way, without having to re-architect the application each time. All scopes could probably be narrowed down to single file scopes, but would again lead to further unnatural user experiences which I am reluctant to do unless necessary.