Since it's kept on the call stack, it doesn't change any objects. So the same TLS is shared globally, but only for the exec round. Which brings up a point of security. If you are going to let other "users" besides System access it (API_TLS is only inheritable by system), you need some sort of access control to make sure two different users/subsystems don't stomp on each other.