I believe you already made this point earlier in the thread. As I said, the goal with this feature at the moment is to extend tamper detection on existing files past /boot and into specific root directories, which would catch a rootkit that replaces system binaries with trojaned versions. The goal isn’t to stop all possible attacks on the system and I don’t think anyone is claiming that it does that.
If you want to detect other types of tampering on the file system, like attacks that add new files to the file system, you’d want to use a different tool for that job. This tool also doesn’t (by default) address attacks within /home or /var. There are plenty of places that malware can persist on a system, including in unused blocks on disk.
Would it be a nice feature to detect the addition of files within the scanned directories? Sure, there are many additional things we could do. Does this protect people from certain classes of attacks better than without it? Yes.
I tend to approach security like golf, in the sense that I aim to get closer to the hole (a secure system) with each stroke. Then at my next stroke I can start from the new spot, possibly with a different tool that’s better suited for getting closer to the hole from that point. The closer I get, the better; if a stroke gets closer but doesn’t put the ball in the hole, I don’t throw that attempt away and start from the same initial spot. Some security practitioners only swing for holes in one and spend most of their time no closer to the hole.
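To make the distinction in the post concrete, here is an added example (not code from the thread or from the tool being discussed) of the kind of hash-manifest check that catches replaced system binaries: a baseline of SHA-256 digests is taken over a set of directories, and a later verification reports files whose content changed or went missing. By default it says nothing about files that were added, which is the gap the post points out; the `report_new` flag shows what the "nice to have" extension would look like. Function names (`build_manifest`, `verify`, `demo`) and the temporary fake `bin` directory are constructed for this illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(roots):
    """Map every regular file under the given root directories to its digest.

    Symlinks are skipped: hashing their targets would double-count files and
    let a link pointed elsewhere masquerade as an unchanged entry.
    """
    manifest = {}
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for name in filenames:
                p = Path(dirpath, name)
                if p.is_symlink() or not p.is_file():
                    continue
                manifest[str(p)] = sha256_file(p)
    return manifest


def verify(manifest, roots, report_new=False):
    """Compare the current tree against a stored manifest.

    'modified' and 'missing' cover tampering with existing files (the default
    scope). 'new' is only populated when report_new=True, which is the
    extension that would also catch files dropped into the scanned directories.
    """
    result = {"modified": [], "missing": [], "new": []}
    for path, digest in manifest.items():
        if not os.path.isfile(path):
            result["missing"].append(path)
        elif sha256_file(path) != digest:
            result["modified"].append(path)
    if report_new:
        current = build_manifest(roots)
        result["new"] = sorted(p for p in current if p not in manifest)
    return result


def demo():
    """Constructed scenario: baseline a fake bin/ directory, then replace one
    file's content and drop an extra file, and compare both modes of verify()."""
    with tempfile.TemporaryDirectory() as tmp:
        fake_bin = Path(tmp, "bin")
        fake_bin.mkdir()
        (fake_bin / "ls").write_bytes(b"original ls contents\n")
        (fake_bin / "ps").write_bytes(b"original ps contents\n")
        manifest = build_manifest([fake_bin])

        # Simulated tampering: one existing file replaced, one new file added.
        (fake_bin / "ps").write_bytes(b"replaced ps contents\n")
        (fake_bin / "extra").write_bytes(b"file that was not in the baseline\n")

        default = verify(manifest, [fake_bin])
        extended = verify(manifest, [fake_bin], report_new=True)
        return {
            "default_modified": [Path(p).name for p in default["modified"]],
            "default_missing": default["missing"],
            "default_new": default["new"],
            "extended_new": [Path(p).name for p in extended["new"]],
        }


if __name__ == "__main__":
    print(demo())
```

In practice the manifest itself has to live somewhere the rootkit cannot rewrite (a signed file, or a measurement anchored in firmware or a TPM), otherwise an attacker who replaces a binary simply updates the baseline to match; the check above only demonstrates the comparison, not the protection of the baseline.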