You can currently manage the ACL with code, it gets complicated when you start wanting to change many entries in the ACL. Imagine an application where you have three groups, Readers, Authors and Managers. You could add those groups the NAB and add the groups to the ACL, then the code only has to manage the contents of the group.
Great. Now imagine that there are 300 databases of that application, so each db requires it's own group in the NAB, so 300 x 3 = 900 Groups. Many companies are reluctant to do allow this.
Imagine instead that you had one of the new fangled named documents in the database. You could have three named documents in the db, one for Reader, one for Author, one for Managers.
You could make it so that the ACL entry could be something like NamedDoc:<<NamedDocName>>:<<FieldName>>
Where the ACL would use the contents of the named document, passed field name for it's contents.
From a programming point of view, the management of the ACL group entry becomes much easier, and the ACL changes wouldn't require Admin rights to a db, just rights to update the Named Document.