Nice! Good to know, if writing snippets or what-have-you that mess with the session!
It is a security measure to move your session files elsewhere than the default if you’re on shared hosting (usually /tmp or something) because it’s possible for someone to log in, get his session ID, then get into that shared /tmp folder and mess with his session, giving himself permissions we would prefer he not have.
There is also the issue of hosting that uses cluster technology; you can’t be sure that your user will be accessing the same server at each page request, so in that case you need to use save_session_path().
You’ll need to have some way of clearing out old sessions (maybe those a day or more without activity?) since they won’t be getting deleted and will fill up the filesystem eventually.