[DGD] nomask and static vs straight

[Shentino]

I've been dusting off kotaka, and I've run into a bit of a tomato tomahto
deal.

A few of my role inheritables accept calls from managers through a nomask
function that is access protected, and then makes a local call to the actual
hook, which is declared static.

Example:  Daemon calls nomask _F_hook, nomask _F_hook calls static hook
(possibly overridden)

Others, however, make a straight call to the hook directly.

Example:  Daemon calls hook

What I'm curious about is who should bear the burden of access control.
 With a nomask and a stack, my role inheritable guarantees that a simple
static function supplied by the inheritor will suffice, whereas if I just do
a straiht call, the inheritor has to bear the burden of allowing the
appropriate caller, and yet turn away from everyone else.

Any reason I should do one over the other?

For some reason, I get a vibe of "built-in" if it's a nomask-static juggle,
and currently use it for objectd's calling an object's destruct.

Am I actually getting any security benefits if I take two steps instead of
one?