It seems GlideRecord when used in scripts doesn't respect ACLs? So a script can grab some information, that the user its running as doesnt have access to.
No, The first time when code/scripts runs it checks that is there any acl defined for that table ? if yes then it checks further that whether user is having a access to the row/column of that table. if user passes the qualification given in the acls it executes else it returns false.
GlideRecordSecure is a class inherited from GlideRecord that performs the same functions as GlideRecord, and also enforces ACLs. Like GlideRecord, GlideRecordSecure is an object that contains zero or more records from one table. Another way to say this is that GlideRecordSecure is an ordered list that is used for database operations instead of writing SQL queries. GlideRecordSecure:
