In my article yesterday, I wrote about application level "security." I use scare quotes because hiding and locking form controls does not provide any actual data security. It does improve the user experience by helping guide your users, but you should not mistake it for actual security.
And, in case you might be tempted to disagree with me on this point, let me allow Access MVP Anders Ebro to disavow you of that notion. Pay particular attention to the 7:32 mark in the video where Anders demonstrates a simpler-than-you-might-think application for hacking into a "secure" Access application where all the security is confined to the front-end file.