I can't comment on the first question. As for the second, I always linked the be tables with a password. Yes, it can be exposed if you know how and someone else in a similar capacity as you should know the password in case one or the other is no longer employed there. Nothing about Access is bullet proof AFAIk, but you can do some things to keep the uniformed nosy people out of the be data. It will never be as secure as the least secure executable application, but in concert, there are several actions you can employ.
The more we hear silence, the more we begin to think about our value in this universe.
Paraphrase of Professor Brian Cox.