The only new thing is...
So what they've done is embedded the ability to "program" inside the storage controllers. How is this different from an external device accessing the data and performing miracles?
And, of course, what security is there if it's not part of an AD domain or Unix equivalent? Can anyone just "get at" the data now if they can access the APIs?