Seems like you have several misconceptions/misunderstanding about when/why and how you should write to files.
-
In general never write to any directory in which code resides, either core code or themes and plugins code. Those directories might be shared between different wordpress instances, and therefor they are not appropriate to be used for data related to only one instance.
-
WP_FilesystemNeeds to be used when you need to write to a directory to which you will normally not have write permission (which in a secure wordpress install will be all directories except for uploads), and therefor you need to ask a user for credentials to use when trying to write files (underlying tech is usually FTP). This means that it has to be a user initiated process and not applicable to anything running as cron task. It is also a very ugly UX.
You might be tempted to store user credentials for this but this is a security bad practice. Once credentials are in the DB or disk, any bad actor that succeeded to convince the site owner to upload his plugin can own the site.
- You should write only to the uploads directory in which case it does not make any difference which API you use as they are both equivalent.
So write only to the uploads directory, and just use file_put_contents for that, not reason to use anything more complex. If you have some secret data that you do not think belongs to a public place, first ask yourself why do you need to store it at all (if for example you generate CSV, can’t you just generate it on the fly?), and if you must, just use a hard to guess file name and set the htacceess for the directory to indicate to the web server that it is a non publicly available directory.