Do you think the principle of least privilege can be enforced purely through code structure, or does it always require external policy enforcement?