It seems you are badly paraphrasing comments elsewhere. If you point a specific link, it would be useful to know what was actually said. Some of the discussions involved the problem that the goals described the developers while submitting the patchset didn't match the patches.
It is ok for a security solution to address a specific subset of the problems while leaving others as outside the scope but the documentation should explicitly say so. If it doesn't then it makes it harder to merge those patches. Smack did a good job of describing the scope of the problem it was trying to address.