Until/unless Drupal has a fully-managed module package manager (installer), Group By Resource Type is only going to make managing a Drupal install insanely harder. The security issues should be solved some other, less painful way.
110% agree with this statement The only really security sensitive file(s) in drupal is settings.php That can be out outside of the web server tree, but I think at this point in time this should be optional. Some of the ways to enhance the flexibility of the fs earlier can be employed, without sacrificing complexity. This option should be considered for use by "clued up" users. Which automatically gives rise to the question - if they are clued up, do they need it anyway - it prevents leaks from misconfigured serever confings.