T50 provides the basic security features, perhaps at a level which is good enough for the RT and Bugzilla migration. Still, let's go back to the original requirement:
It should be possible to define the default access level of all tasks within a project, and user should not be able to override them.
For instance, given a "Security" project, all tasks assigned to that project would automatically be private. Nobody should be able to create a ticket for this project publicly visible. Nobody should be able to make an existing task public, not even by mistake.
Currently you can assign a task to the Security project and it will still be public until the "Security" field is set to something different than "none".
(We could discuss whether removing the Security project should make a task public as well, but in my opinion this is just a little convenience for the Security team members, a minor feature that we can live without for now.)
For what is wort, upstream is planning to work on a definitive implementation of "Spaces", although there are no dates confirmed, or even suggested.