For those of you that are interested in a more in depth knowledge of the new security system can have a look at
http://geoserver.org/display/GEOS/Flexible+Authentication+for+Stateless+Web+Services
There is also a chapter how some concepts are implemented in GeoServer.
Thanks to Justin for publishing and reviewing.
Christian