Well, you can configure that kind of thing by running under a SecurityManager, or you could use aspectj. It's not really the kind of thing that Acegi should be doing - more about applying safeguard policies to your development process. If you're actually worried about code-level threats then you will have to do a lot more than just protecting the authentication provider.
Where do you see a threat coming from?
Well, I'm not a security specialist so I don't really know where the threat could come from. But all other methods will be secured (available only for authenticated and authorized users), so I want to do the same with the service method returning userdetails from the database, which is sensible data. Moreover we plan to expose these services methods to final users through business processes they can build with BPEL or something like that. So people who will potentially use these services are not only developers and are not always aware about security issues