When the scenario runs in Greenfoot, it can read and save files all day long. When it runs in the Gallery, it cannot access (read or write) any files at all.
This is a Java security measure for applets (programs running in web browsers). If this was not the case, just browsing the Gallery would be very dangerous: Any scenario could read your email and forward (or publish) it anywhere it likes. Or it could overwrite your files.
As it is, you're safe. But you cannot (easily) save files.
I had a feeling that was the case, and that satisfies my concerns!
Thanks, mik, for the rapid response.
If you're interested in the permissions of applets in more detail, you might find this page useful:
http://download.oracle.com/javase/tutorial/deployment/applet/security.html
All the applets on the gallery are unsigned (and not launched with JNLP.)