The types are no less protectable by authorization policies than the data, although authorization is hard to get right anyways, all else the same this architecture doesn't worsen it much--perhaps just less reverse engineering required to exploit vulnerabilities you already had.