Asterisk security

While reading Asterisk Def. Guide 3rd edition, in the chapter on building an Auto Attendant,
I found this warning:
;
; You will want to have a pattern match for the various extensions
; that you’ll allow external callers to dial
; BUT DON’T JUST INCLUDE THE LocalSets CONTEXT
; OR EXTERNAL CALLERS WILL BE ABLE TO MAKE CALLS OUT OF YOUR SYSTEM
; WHATEVER YOU DO HERE, TEST IT CAREFULLY TO ENSURE EXTERNAL CALLERS
; WILL NOT BE ABLE TO DO ANYTHING BUT DIAL INTERNAL EXTENSIONS
;
exten => _1XX,1,Verbose(1,Call to an extension starting with '1')
same => n,Goto(InternalSets,${EXTEN},1)
;
So I was wondering what would be a scenario (in the dialplan) in which external callers could make
calls out of the called system, and how to prevent it?

Thx!

OK, maybe put in different words: is this a security issue, the way you
handle incoming calls?
Let's say this:

[incoming]
exten => _X.,1,Verbose(2,Incoming call from ${CALLERID(all)} to extension ${EXTEN})
same => n,Dial(SIP/${EXTEN:6})
same => n,Hangup()

or this:
[incoming]
exten => _X.,1,Verbose(2,Incoming call from ${CALLERID(all)} to extension ${EXTEN})
same => n,Goto(locals,${EXTEN:6},1)
same => n,Hangup()

[locals]
exten => 100,1,Dial(SIP/100)
same => n,Hangup()
exten => 101,1,Dial(SIP/101)
same => n,Hangup()
exten => 102,1,Dial(SIP/102)
same => n,Hangup()
.
.
.
Is it better to split incoming calls into two contexts, or doesn't it matter?
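
One way to run the check the book's warning asks for, as an added example that is not part of the original post or the book: a small Python audit that walks `include` and three-argument `Goto()` links from an inbound context and reports any reachable context that dials through a peer. The sample dialplans are constructed; the names `attendant`, `outbound`, `trunk` and `main-menu` are assumptions, and treating `Dial(TECH/peer/number)` as an outbound call is a heuristic.

```python
import re

# Constructed sample dialplan, not from the original post. "attendant",
# "outbound", "trunk" and the prompt name "main-menu" are hypothetical.
SHARED = """
[LocalSets]
include => InternalSets
include => outbound
[InternalSets]
exten => _1XX,1,Dial(SIP/${EXTEN})
[outbound]
exten => _9NXXXXXX,1,Dial(SIP/trunk/${EXTEN:1})
"""
MENU = "[attendant]\nexten => s,1,Background(main-menu)\n same => n,WaitExten(5)\n"
WEAK = MENU + "include => LocalSets\n" + SHARED   # what the warning says not to do
FIXED = MENU + "exten => _1XX,1,Goto(InternalSets,${EXTEN},1)\n" + SHARED

CONTEXT = re.compile(r"^\[([^\]]+)\]")
INCLUDE = re.compile(r"^include\s*=>\s*(\S+)")
GOTO = re.compile(r"Goto\(([^,()]+),[^,()]+,[^,()]+\)")   # 3-argument form only
TRUNK_DIAL = re.compile(r"Dial\(\s*\w+/[^/,)]+/[^,)]+")   # TECH/peer/number

def parse(dialplan):
    """Return ({context: contexts it includes or jumps to}, contexts dialing via a peer)."""
    edges, dials, ctx = {}, set(), None
    for raw in dialplan.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop comments
        header = CONTEXT.match(line)
        if header:
            ctx = header.group(1)
            edges.setdefault(ctx, set())
        elif ctx and line:
            inc = INCLUDE.match(line)
            if inc:
                edges[ctx].add(inc.group(1))
            edges[ctx].update(GOTO.findall(line))
            if TRUNK_DIAL.search(line):
                dials.add(ctx)
    return edges, dials

def outbound_reachable(dialplan, entry):
    """Contexts reachable from `entry` that contain a Dial() through a peer."""
    edges, dials = parse(dialplan)
    seen, stack = set(), [entry]
    while stack:
        ctx = stack.pop()
        if ctx not in seen:
            seen.add(ctx)
            stack.extend(edges.get(ctx, ()))
    return sorted(seen & dials)

if __name__ == "__main__":
    print("weak :", outbound_reachable(WEAK, "attendant"))
    print("fixed:", outbound_reachable(FIXED, "attendant"))
```

The check works at context level, so it is conservative: it flags a context as reachable even if the pattern that leads there would only match some dialed digits.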