Summary: the security interfaces should be directly accessible when defining fields, tables, scripts and layouts. FileMaker has very good security, but does not offer a developer a "good practice" ritual when defining these elements of a solution.
Why it is important: developers forget to set the right security for elements they define, because they must leave that environment ( schema defintion dialog, script workspace, layout properties dialog ) and then access LOTS of screens in the security dialogs to define security for that element for all privilege groups. All fancy security features fail then because the human factor is forgotten. The developer is almost encouraged to provide "optimistic" security in order to get everything working for every security group. Providing schema, script and layout centric security allows the developer to easily and much more correctly decide which privilege group has which access, while he or she is buidling, or adapting the solution, FileMaker approaches security as if a developer has to apply security in the final phase of the solution. This while many solutions are never finished. It would make FileMaker solutions much more secure.