Frank, permission checking has been an issue with OpenACS4X right from its inception (as you know)
In intranet search and in site design in general you need to consider whether your content is public or private by default. OpenACS is a general framework for building internet and intranet sites, there is (maybe unfortunately) not a builtin assumption on whether content is rather private or rather public. Even for a production .LRN site I cannot say that yet.
Now the rationale behind my approach is that the most restrictive query clause be applied first. Which one is the most restrictive clause? Depends on the query terms and on the content. In case of the HP Printer division, if you search for "HP Printer" *all* documents may be relevant, right? I think in terms of query tweaking there is no good starting point, so you may want to change the user interface, so it is much harder to run a query "HP Printer" on the complete content. E.g. if you search by default "in this community" you have a much, much smaller potential result set. (That'll be turned on in .LRN search by default)
Also we are not going to show the number of documents that match your query. You'd need to permission all the items in your result set regardless of whether you've reached your "limit" (e.g. the first 10).
What made the the search in the HP printer division intranet so complex?