Restricting the usage of certain tags to a set of users makes building controlled-content areas very simple. A restricted tag cannot be given to a page by a user who does not have permission to use that tag. Therefore, an unauthorized user can neither modify a page with that tag, nor add a new page to a list of pages that includes that tag.

For example, if the tag Official:PepCo is create-restricted to users who are members of the PepCo group, then only those users will be able to add or edit pages that have Official:PepCo. And given that that tag will be one of the core organizational tags for PepCo's content, there is no way that a user without authorization can inject unauthorized information into the PepCo sub-site.

Of course, there is no requirement for PepCo group members to create pages or lists with Official:PepCo. The restriction of the tag is purely one-way: It doesn't have to be used to protect all of PepCo's content, but it can be used to protect content that is sensitive and should be protected from unauthorized change.