If I have a database with a bunch of Hidden Views that can only be seen by specific ACL roles. And I have forms in the database that have sections &/or fields that are available only to specific roles. Does ExportWiz allow end users who are using it as a tool to pull record level data from my NSF to gain access to the data displayed in these hidden views and hidden fields when they do not have the requisite role?
View security is very easy to bypass so should not be used to secure a system where privacy is critical. Any user can create a private view in Lotus Notes (or run a simple script) and see documents that are hidden via a view. You need to use document level security (readers fields) if you want to stop people poking around.
ExportWiz will allow access to data that may reside only in hidden views as you can view data without regard to the view (as a query).