Microsoft implements Option 1 for a good reason. Option 2 is a potential security minefield if you’re not careful, a quick DuckDuckGo search brings up something along the lines of CWE - CWE-377: Insecure Temporary File (4.8), but there’s certainly others.
Better to offload those concerns onto them.