OK, I've cooled down a bit and apologize for the really rough wording. I have spent the last 2 weeks migrating servers and web sites and was really, really sick of it on the whole, this was just the "icing on the cake".
I'm fully aware of the fact that this might not be a "bug" per se, however, I maintain that this is poor UX design (or, say, command-line design).
The command I tried to use was more or less like this:
It then warned me that the destination exists (or something), and that it "won't overwrite" unless I specify --force.
Well, I DID specify --force and repeated, because for the life of me I didn't expect it to wipe out the destination path for restoring a single file (--file-to-restore).
I noticed what it was doing when it was far too late -- errors about /proc/ files and "permission denied".
I think I now understand WHY it did that, however, I still don't think it's right. duplicity works totally differently to any other tool I know (rsync, tar), while it serves a similar purpose. This is dangerous. I think anyone with experience with tar or rsync, reading the above command line, would think: "OK, it will restored the file www/
foobar.com/blah.html, creating parent folders as necessary, and will do this relative to the path '/'". Again, ESPECIALLY because an option named "file-to-restore" is given, I guess nobody would expect it to delete ANYTHING. EVER.
So again, forgive me for my style, but I was really shocked. It's all good now BTW, I've had the server mounted with a rescue image, salvaged the important stuff which it didn't yet manage to delete ;-), restored the server from a snapshot and then copied the important stuff back.