Hmm...maybe it's best to back up and try to give some idea of the basic intent of object oriented programming. Much of the intent of object oriented programming is to allow the creation of abstract data types. For a really simple example with which you're undoubtedly familiar, consider a string. A string will typically have a buffer to hold the content of the string, some functions that can operate on the string (search in it, access parts of it, create substrings, etc.) It will also (at least typically) have something to keep track of the (current) length of the string, and (probably) the size of the buffer so if (for example) you increase the string's size from 1 to 1000000, it'll know when it needs more memory to hold the larger content.

Those variables (the buffer, current length and the buffer size) are private to the string itself, but they're not local to a particular function. Each string has contents of some particular length, so we need to track that content/length for that string. Conversely, the same function (e.g., to extract a substring) might operate on many different strings at different times, so that data can't be local to the individual function.

As such, we end up with some data that's private to the string, so it's only (directly) accessible to string functions. The outside world can get the length of the string using a string function, but doesn't need to know anything about the internals of the string to get it. Likewise, it might modify the string -- but again, it does so via the string functions, and only they directly modify those variables local to the string object.

Hmm...maybe it's best to back up and try to give some idea of the basic intent of object oriented programming. Much of the intent of object oriented programming is to allow the creation of abstract data types. For a really simple example with which you're undoubtedly familiar, consider a string. A string will typically have a buffer to hold the content of the string, some functions that can operate on the string (search in it, access parts of it, create substrings, etc.) It will also (at least typically) have something to keep track of the (current) length of the string, and (probably) the size of the buffer so if (for example) you increase the string's size from 1 to 1000000, it'll know when it needs more memory to hold the larger content.

Those variables (the buffer, current length and the buffer size) are private to the string itself, but they're not local to a particular function. Each string has contents of some particular length, so we need to track that content/length for that string. Conversely, the same function (e.g., to extract a substring) might operate on many different strings at different times, so that data can't be local to the individual function.

As such, we end up with some data that's private to the string, so it's only (directly) accessible to string functions. The outside world can get the length of the string using a string function, but doesn't need to know anything about the internals of the string to get it. Likewise, it might modify the string -- but again, it does so via the string functions, and only they directly modify those variables local to the string object.

As far as security goes, I'd note that while this is reasonable as an analogy, it's not how things really work. In particular, access in C++ is specifically not intended to meet the same kind of requirements as access in an operating system. An operating system is supposed to enforce the restrictions so (for example) a normal user can't do things reserved for an administrator. By contrast, access control in C++ is only intended to prevent accidents. By design, anybody who wants to can bypass them quite easily. They're on the same order as marking a file read-only so you don't accidentally delete it. If you decide to delete the file, it's trivial to change it from read-only to read-write; all setting it to read-only does is make you at least think about it a second and decide to delete the file so it won't get deleted by accident just from hitting the wrong key at the wrong time.