I don't know in this particular piece of software. I'm just saying that an "effective access control" can be something very trivial. It doesn't have to be anything as sophisticated as encryption.
Just to speculate, it could be something like using the user's login credentials.