I only ever relied on field security for the visual assistance of disabling fields in the ui. Now that it doesnt even do that, its pointless. Actual security needs to be implemented via bpm either way.
You could probably use AI to create a program that would mass generate BPMs from a table UD table containing what fields were read only..
I think any way you look at it the system is broken or at best, lacking, and you will have to do something a little bit smelly in some regard to get to your end goal.
Or from Ice.Security… 