There are several kinds of issues with the user experience of the Groovy sandbox as applied to Pipeline especially:

• Lots of legitimate method calls are not whitelisted by default. We need to greatly expand the bundled whitelist.
• Some calls are not properly classified for script approval. Typically I fix these as they are reported, though there are some open.
• User experience of handling script security generally is sub-par.