Per http://groups.google.com/group/the-lift-book/browse_thread/thread/da4d7c7cb6d79547?hl=en

• The last sentence of the paragraph justifying the use of LiftView vs
  InsecureLiftView might be more explicit if it said "If a user attempts
  to go to /ExpenseView/doEnumerate they’ll get a 404 because
  doEnumerate is not defined in the dispatch method." As I understand it,
  InsecureLiftView would also return a 404 for a request to /ExpenseView/
  privateMethod, since the method does not exist. Alternatively, if
  privateMethod were included in Listing 3.9 and did something
  destructive, it might highlight the insecurity of InsecureLiftView.
• The next paragraph (the last of 3.7) begins with "Another difference
  between custom dispatch and Views is that...". I don't know what
  custom dispatch is yet (as I've read that it's in section 7.2). At
  this point in my reading, this particular paragraph is a little
  confusing. Maybe it should be removed/reworked? Maybe it could give me
  a teaser of what custom dispatch is, to make me look forward to
  section 7.2?

I've reworked the items you've mentioned (and added some more example code for explicit dispath)