I wonder how Nokia would react to the fact that it is so easy to actually give ANY capabilty to an executable using standard tools that come with the SDK (please note: THIS IS NOT A HACK or CRACK)
1) Create your application using any of the S60 3rd Edition SDK, using a UID grabbed from the unprotected range (see: http://www.symbiansigned.com to have yours allocated)
2) Compile for GCCE/ARMV5
3) Before packing your application into SIS use this command for every EXE/DLL that your application is composed of:
elftran -capabilities [capabilties set] drive:\sdkpath\yourapp.exe
elftran -capabilities WriteUserData+AllFiles+TCB S:\Symbian\9.1\S60_3rd_MR\Epoc32\release\GCCE\UREL\myApp.exe
Remember to grant same capabilities to all your application components (DLLs, plugins etc). that composes the app not just the main exe, otherwise it won't work
4) Create you own self certificate with makekeys
5) Create the SIS file with makesis
6) Sign the SIS using your self certificate
Install.... even if the user will be still adviced that he/she is installing an application from an untrusted source, once done, the application has access to everything, even to manufacturer granted only capabilities (I'm sure you have already noticed the TCB and AllFiles I have put in the example).
If I knew it before, this would have saved me around 12.000 $US in signing fees, counteless days waiting for something to be tested and a lot of frustation.