Hey Sam - that's a good question.
It's always a balance, but the simple answer is - some, but not a lot.
The application where all the security concepts are illustrated is very simple, with the explicit goal of not getting in the way of the student.
Even if we can into more complex scenarios with security, the application itself doesn't have to get complex. And so - it's a basic MVC CRUD app made up of a just a few pages.
Hope that clears things up. Cheers,