If you follow the 4 layer architecture (or another approach) then you will have several espaces/modules in 1 application.
The communication between the layers is done via Public actions/entities.
But everything public is also available outside your application. Sometimes you want this but most of the time not. There are ways to prevent this but they are not 'clean' solutions.
So I propose: a new access state called 'Protected' which means that the action/entity/etc is only vissible in your Application.
After this you will have the states private, public (currently used) and protected (newly added). This will give you more control and now you can build your security critical application in the 4 layer architecture without worrying about 'unwanted reuse' :)