Is he a Java guy? If so, he's probably thinking of how Java can prevent programs from accessing certain things (e.g. the filesystem). However, since any non-trivial Java program needs to access the filesystem, this type of permission will be granted immediately. It's more relevant for things like applets than it is for programs you would write in-house.
In terms of things to read, here are three good ones:
The most important point to make, IMO, is that security is a feature of programmers and their process, not of languages. There is no reason to think that a .NET or Java program that accessed a database and some files is more secure than a Perl program that does the same.