The idea is that the only thing the old version does, is to launch the new version.
This limits any security impact to the launcher code, which is basically “set env-var; execute new binay”.
The idea is that both versions look for the same folder, so they should run the same version.
I think the problem is that the systemctl version is running with elevated privileges and finds /usr/share/ to be write-able, and then stores the updates there. When you run the cli, it has less privileges and then finds ~/.config to be writeable.
The other solution would be to require elevated privileges, and then replace the current installation. Would you prefer this, or do you have a better solution?
Yes, there is a limit of 4 old versions, they should be removed automatically.