Hm, in the beginning I had a similar concern to yours:
The way I’m doing right now is certainly not the “Wappler way”, I’m using Global steps to check the current route and enforce the security there