Sorry, due to not seeing an edit button a small correction: I should have written "which +I think circumvents hardening", I'm actually not knowledgeable enough to know for sure. But from what I can find online it does seem to be that way, and that the default user should ideally only be in the render group and not the video one.
On mobian, accessing the camera requires to be in the video group which sadly also gives unrestricted access to the graphics card (which circumvents hardening advancements by Wayland to make secret screengrabbing not so trivial and such things). I therefore tested removing my user from this group.
However, it turns out if the default user isn't in the video group, megapixels plain won't start. Not even a (graphical) error, just nothing. I think that's not so good, both kind of obscure when it happens and it pushes users into an unsafe configuration.
Ideally, I think megapixels should if lacking camera access due to permissions: 1. at the very least display a very clear, graphical error message, 2. ideally just ask for elevated permissions to access the camera anyway. This way users who are security-conscious enough to not want to remain in the video group and/or have all programs access the camera secretly can still keep using megapixels, albeit with a slightly clumsy password prompt.
From my tests it appears that pictures are quietly discarded if the ~/Pictures folder doesn't exist. I think what the app should do is 1. attempt to create the folder, and 2. if that fails, show an actual error instead of just kinda pretending it worked :-D