i noticed a design flaw in the HFS logic for files protection:
if i protect a file both with
set user/pass and
restrict access to an account, then the only way to access this file is the user/pass, the account won't work.
don't panic, 
this means LESS people can access the file, no unauthorized access.this was because user/pass has priority over accounts (this is wanted), but if the account matches then access should be granted, it looks quite logic to me.
i'm telling you because i want to know if it makes sense to you.
i plan to fix this in 2.0a and 2.1
2.0a will be just as 2.0 but with some bugfix
2.1 will have new features and bugfixes.
to be clearer: this discussion applies to an item that has both settings on itself.
indeed, if A is inside B, B has accounts and A has user/pass, then only the user/pass can access, this is wanted.