This isn't super important, since even if this were implemented, they could still access the individual elements through an http request. It just seems cleaner and a little more secure to me if each website did not have direct access to the content contained
in other sites. Maybe some of the content contained in site A's folders is only supposed to be accessible after someone has authenticated themselves. Site B can come along and display everything on a public page.
I just picture a true multi-tenant orchard install to treat each tenant like a tenant in an apartment - i can only access what it's in my apartment, not what's in someone else's apartment. I just assumed there'd be a folder, like the app_data\sites\ folder
that would belong to each site and only that site.
As to how it could work - couldn't IIS restrict access to all the content under a specific folder except for the one folder that's owned by that particular site based on the domain?
Maybe this might not be worth doing though since i guess no one else has asked about it. it just seems cleaner and neater to me if each tenant were restricted to their own content.