When a project uses a dependency on a sourceSet output folder, such as spring-security does. Then Gradle returns illegal/funny classpath entries to those output folders. This spells trouble.
It looks to me that Gradle already implements the intention I described in Gradle-1766, i.e. to remap these dependencies to project dependencies. As far as I can tell it already creates the project dependency but it also keeps the folder dependency.
It would be good if Gradle-STS tooling detected these bogus entries did something to handle them if possible.