Command::restrict() is supposed to add bitfields to $restrictions, not overwrite them. So ->restrict( Shell:RESTRICT_NONE ), which has a value of 0, will do absolutely nothing, leaving the default shell restrictions in place.
My proposal is to make restrict() overwrite the existing restrictions. This would mean that anyone setting a restriction would need to always do something like ->restrict( Shell:RESTRICT_DEFAULT | Shell::NO_FOO ).
Given that codesearch shows every non-test caller already doing this, I believe this is a safe and useful breaking change to make.