Again, read this line
"...Accessing resource managers and enterprise beans is disallowed in the session bean methods for which the Container does not have a meaningful transaction context or client security context..."
"..........or client security context..." <---Are you getting it now???
Accessing resource managers and enterprise beans is ALLOWED IF IT HAS CLIENT SECURITY CONTEXT :-)
In CMT, Stateful session bean, for ejbCreate, ejbRemove, ejbActivate, ejbPassivate methods, they have CLIENT SECURITY CONTEXT
Hence the case