Isolated Storage is no guarantee of security
During code reviews and the analysis of partner apps, I have often noticed that centralized "Isolated Storage Management” codeunits are created which have getter and setter procedures. This is certainly nice from a code structuring point of view, but from a security point of view it's a nightmare.
The AppSourceCop gives an indication of the security problem:
AppSourceCop Warning AS0081 - InternalsVisibleTo should not be used as a security feature.
The InternalsVisibleTo setting will expose your internal objects to any extension with the given name, publisher, and ID. Access modifiers are not designed to be used as a security boundary, but for API development.
This message is unfortunately ignored far too often, but it is really important!