Will it be possible to manage security / permissions purely by directory in this new capability? Here's the use-case:
Yes and no. They aren't "directories" in the way you think they are, but yes, permissions are inherited. So if a page does not define its own ACL, the parent page is checked for the ACL. This should give the exact effect you're looking for!
/Janne
