Those tag security changes landed in an 8.0.x release.
What this means is that when accessing Exposed Tags (i.e. tags under the Tag Providers folder, when this feature is enabled) through the server the user the connecting client authenticated with is passed through to the tag system and any security settings on your tags will be applied. The auth profile the server is configured to use and the roles assigned to the user the client authenticates with may start to matter to you.
Tags from configured devices (i.e. tags under the Devices folder) still do not have any access control and likely won’t in the near term.