Across the EA15 presentations videos I see that I could make multiple root nodes in a project and limit their visibility so users can't even see the root node.
Would this feature help me acheive my goals ?
No. This feature is not related to the row level security function. Consider it more as a convenience for your users who don't want to see things in those root nodes. They can still access the information if they try a little.
I would not trust this mechanism to meet any information security requirements without having done a proper analysis in the context of the proposed deployment.
By all means, review it. Row level security is not our term. What we have done is applied the techniques described by Oracle and Microsoft to the Enterprise Architect data model, allowing useful portions of the database to be restricted. The good news is you only need to do your analysis on the EA portion of the technology. The DB side is well documented.
Row-level security has been introduced to help address this, but there is no public documentation that goes into any detail beyond the fact that row-level security is applied only to 24 "critical" tables (out of the 94 tables in EA's database schema). However, the documentation does state explicitly that "only models hosted by a Pro Cloud Server are able to make use of this feature", so for client users the old access model still applies.
The changes all happen directly within your database, which as far as I'm concerned means that they are quite open. As Geert states, the security is within the database. The PCS offers an added redirection so that users don't have direct DB access, but even if they could connect using the credentials the cloud is using, they couldn't access the data they aren't meant to see.
Since the EA client's security model is trivial to bypass, the only way to achieve meaningful security is to use the security features of the underlying database. This means that the project (which is essentially the same as a database) is the smallest unit at which security protections can be applied.
Which is what row level security is doing.
That's as may be, but there are several industries where security is the business, or is at least integral to it. In those, convenience of use takes a backseat to security, and in those, EA has to be set up the way I've described.
Maybe you should actually investigate the features within EA and PCS before you make such a blanket statement.