Maybe George or Teodor could merge these two, but I think the topics are slightly different as mine is just a tip to add the Security Restrict, and yours appears to be more about designing it differently. I prefer their granular design now, but I can also see the desire for the option to group them.
As for this topic, I didn't realize I needed to add a Security Restrict action at all. Part of the confusion, I think, was because a lot of my actions needed the Security Identity to function and I got in the habit of setting "credentials" on all of my Server Connects. But recently I created some Server Connects that do not need the identity, and it was only when I started building them into my App Flows that I noticed they were not restricted.
This led me to add a Security Restrict to most of my Server Connects and that has shown another issue that needs fixing.