We support full document security as you are used to in Domino. We also secure the database so that only the accounts that you specify have access to the data.
When a user is set up, you get to define what "Notes Names" they have assigned to them. This will include their canonical Notes Name (e.g. CN=Fred Bloggs/O=Londc) but can also include any ACL groups or ACL Roles that are assigned to the user. This way you can manage exactly what each individual user account has access to.
On the other side of things, for each collection of documents (grouped by Form Name) you can define which fields are readers and authors. If there are no readers and authors then anyone with access to the database will be able to read the data. But as soon as you define a readers field then only super users or users who have the correct Notes Name settings will be able to see documents in the collection.