Please provide any information you have on limitations of the Advanced Project Security Plugin based on experience. Also, is there any ServiceNow documentation available on this? 

I am familiar with the functionality and it is in use but would like to know what gaps in security might be still not adressed by ServiceNow.

The ones we have discovered already are:
-The name of the secure project will be displayed in some environments such as:
on the Portfolio record (pm_portfolio) if the project is added to a Portfolio
on the program record (pm_program) if the project is added to a Program"
-A "Number of rows removed from this list by Security constraints" message can appear when viewing RIDAC records (for example from risk.list in the native view)
-There's no mechanism that stops a PM from locking themselves out of a project, or warns them if they're about to
-There is no warning/confirmation when a PM is de-selecting the Confidential box
-The 'Groups' box allows you to select any group, not just ones that give the Project Manager role, or ones where at least one member has the PM role.
-Financial reports do not exclude data from confidential projects

-In dashboards, a tile showing the number of projects in a portfolio/program will count the secured project but when the user clicks on the tile to see the records, the project will not appear in the list view