in bigger companies it is mandatory that changes on Security settings are traceable. It should be reproducible who did which change:
- changes on user: add/delete, …
- changes on groups: add/delete, …
- changes on permissions
For Quality Profiles this is already available, same is needed for Security settings.