"Not understanding the security model" seems to be a common problem with cross-platform developers.
Nothing cross-platform about it. "Not understanding the security model" is pretty much par for the course among developers whose main workload is not security-related, regardless of the platform(s) involved.