As I expected...
According to a colleague who has more experience with other major databases such as Oracle, Progress comes "out of the box" much less secure than these others. Rephrased, users and permissions must be added within an Oracle database -- Progress allows a "user-less" database to exist.
This has been a problem which can be fairly easily remedied as I've explained before. Adding one user is enough to invoke DB security. Why isn't this simple procedure always performed? Many people in IT departments accept the un-integrated security layer set up within Progress-based applications as good enough. Manuals for ERP packages and other enterprise systems should at least include a side-bar about setting up some non-application-related database security to restrict access to data outside the application.
I'll write it for them -- or for you, if you can use it for, say, HIPAA, SOX, etc.