I agree that the granularity is a big improvement, but there is this one major shortcoming.

 

A way around it is to allow the security to default or float to the nearest match. For instance I am a member of security groups  2, 3 and 4. If groups 1 and 2 were defined in web.config I should get the first match (group 2) as my security level instead of defaulting back to Guest because groups 3 and 4 aren't defined.

Likewise if only group 5 was defined, I should default back to guest.