In think if the posts are not objects you lose most (if not all) of the benifit of running OpenACS. The site I'm running has about 500,000 objects and growing. Right now I've got two performance problems cause by permission on objects.
1. Trying to get permissions on a large result set is a problem. I'm not sure this is completly a permission problem since putting plsql in any query returning a large (>100 rows) result set can be a problem. If a function takes 10 ms and you run it 100 times it adds up. I need to mess with the all_object_party_privilage_map and see how it works.
2. Updating the context_id on an object takes several seconds right now. I'm testing a fix for this right now.
I've found the object system to be invaluable on my project. It's great to be able to pass around a number and figure out what kind of object it is, what it's attributes are and what's related to it. The only problem is when you what to know who has access to it.
From what I've seen if there were no permission system the object model would have little impact on performance. With permission I started having problems around 250,000 objects. To be fair I've read the permssion system design goals and I think it's a spec problem more than an implementaion problem. The goal seems to have been return permission on a single object quickly and return a result set with permission checking at least as fast and the result set without permission checking. This means select * from acs_objects where permssion = 'read' will take a with if you have more than a few hundred objects.
I think two things need to be done.
1. Make the current permsission model as fast as possible.
2. Make the permission system optional on each object.
The first just requires fixing stuff as it shows up. The second I'm planing to implement by adding a check_perm flag to acs_objects and maintaining a table with object_id, context_id with a trigger. Then change the permsission views to use that table. Since I only need to permssion about 10% of my objects that's a big win. It would also help the bboard if you don't want permission checks on all posts.