This white paper was just published; it provides an introduction to the MOSS security model for those who are interested. From the article:
In order for a web application to exist in today’s business environment, it must stand up to modern day information security standards. Additionally, organizations maintain their own sets of information security policies, corporate compliance requirements and technical specifications. The purpose of this document is to explore the security model of MOSS and to explain how it is equipped to meet corporate security requirements. This document is not intended to recommend how to configure MOSS, nor does it try to answer why an organization should use MOSS.