At runtime, applications modeled in Visual Composer are run through the Web Dynpro for Visual Composer interpreter, which operates on XGL files. These files are created from the model .gml file during model compilation in the client, and are deployed to the AS Java database or to the DTR.

Generally, all security aspects of a standard Web Dynpro application apply to the Web Dynpro for Visual Composer interpreter.