As part of the development of NextGen Rock, including the v2 API, we've improved where each Entity Type inherits its security, and in some cases, we're shifting away from the global default of "Allow All Users" to more restrictive defaults. Check out this blog post for more details.