SpringCM and Salesforce have different security models. Salesforce allows for things like Profile Security, Role Hierarchies, Permission Sets, and Sharing Rules that allow for extremely granular security to be provided to users for specific records in terms of what each user is able to see (or not).
SpringCM, since it is a folder based system, has security that follows an inheritance model where security can be defined on a parent folder and that same security will be inherited to all the children folders and documents that are contained within. This allows for security to be defined on a few top level folders and for it to propagate down through the folder tree minimizing the need to actively manage security on every folder.
As such, when SpringCM and Salesforce are used together, the SpringCM security model will normally be less restrictive than the Salesforce security model which means that documents related to Salesforce records may be available to users searching or browsing within SpringCM where the related Salesforce record may not otherwise be accessible to that user in Salesforce.
If your Salesforce security model is fairly open and/or the documents related to the Salesforce records don’t require the exact same permissions as Salesforce, then SpringCM will be a good fit for your implementation/organization.
Conversely, if your documents related to your Salesforce records need to have the exact same permission as the Salesforce record, then SpringCM may not be for you.